cancel
Showing results for 
Search instead for 
Did you mean: 

SPECTRE and MELTDOWN: Bug rocks Intel / ARM CPUs

segfaulted
Level 7
Kinda glad I bought AMD this round. For those who don't know there is a new bug affecting just about every SKU from Intel made in the last .. ohh.. _DECADE_ or so. It's actually worse then F00F or FDIV. Only mitigation appears to castrate the CPU upward of 30%! (depending on processes).

Can Asus confirm AMD and more importantly for me, this or any AMD motherboard are not affected? If so, will there be RMAs?

Fun fact, Intel's CEO dumped stock back in November before they started issuing gags on people from even talking about it.

*****ASUS advisory page(may get updated): https://www.asus.com/News/V5urzYAT6myCC1o2 ******
641 Views
701 REPLIES 701

karserasl wrote:
User interaction? Access locally? LOOOOOOLL!

https://repl.it/repls/DeliriousGreenOxpecker

Check it out if you didnt patch your BIOS. Its a small test reading your WHOLE chrome session from memory. (OK not whole session, its a test. It will output "The Magic Words are Squeamish Ossifrage." from memory vertically)

So that means, you went to bank account and login, and then just came across this small js, which could be ANYWHERE, in ads, in iframes anywhere, and your bank account is stolen.

Tell me again how small is this problem.


If the website carry with a malware payload, your antivirus will block it, but if your antivirus fail than it your own doom. Patching Spectre with BIOS firmware doesn't fully solve Spectre at all. Spectre is a hardware architecture vulnerability, so BIOS patching only provide partially protection which means attacker can exploit this vulnerability afterward, and yet Intel deny Spectre is a hardware architecture vulnerability. Cyber security experts recommend a new CPU with a new redesign architecture to fully solve Spectre, but that won't happen very soon. In addition, Google says exploit and patch Spectre is very hard, and it must be target on a specific CPU. f you think you are fully safe from Spectre after a simple BIOS update, well you are wrong because it only provide partially protection against Spectre not completely. This vulnerability will be with us for a very long time, unless we have a new CPU with a new redesign architecture.

Right now what people and Intel recommends you to stay safe from these two are update your windows to the latest, update all your software to the latest, keep your antivirus up-to-date, and practice common security measures such as don't open unknown emails, visiting a dodgy sites, and execute malicious applications.

I'm no hardware engineer or cyber security expert, but as far as I gather about this exploit is very hard to execute and it must be target on a specific CPU from Google. But as long you practice common security measures, you should be fine. I do agree with you that this is ain't no small problem, and we should take it very seriously.

SumTingWong wrote:
If the website carry with a malware payload, your antivirus will block it, but if your antivirus fail than it your own doom. Patching Spectre with BIOS firmware doesn't fully solve Spectre at all. Spectre is a hardware architecture vulnerability, so BIOS patching only provide partially protection which means attacker can exploit this vulnerability afterward, and yet Intel deny Spectre is a hardware architecture vulnerability. Cyber security experts recommend a new CPU with a new redesign architecture to fully solve Spectre, but that won't happen very soon. In addition, Google says exploit and patch Spectre is very hard, and it must be target on a specific CPU. f you think you are fully safe from Spectre after a simple BIOS update, well you are wrong because it only provide partially protection against Spectre not completely. This vulnerability will be with us for a very long time, unless we have a new CPU with a new redesign architecture.

Right now what people and Intel recommends you to stay safe from these two are update your windows to the latest, update all your software to the latest, keep your antivirus up-to-date, and practice common security measures such as don't open unknown emails, visiting a dodgy sites, and execute malicious applications.

I'm no hardware engineer or cyber security expert, but as far as I gather about this exploit is very hard to execute and it must be target on a specific CPU from Google. But as long you practice common security measures, you should be fine. I do agree with you that this is ain't no small problem, and we should take it very seriously.


Im curious.. Did your antivirus blocked this script that i posted? Do you know how easy it is to modify it and instead of a joke, it becomes a nightmare?

karserasl wrote:
Im curious.. Did your antivirus blocked this script that i posted? Do you know how easy it is to modify it and instead of a joke, it becomes a nightmare?


Nope it did not block, but I already knew I'm vulnerable to it without the BIOS patch, and my chrome is not V64 either. Spectre is very hard to exploit and patch from Google. The way you are saying it like a script kiddie that can easily modify the code. Spectre is ain't for a script kiddie. If there a real Spectre vulnerable command attack code right now, a lot company will get hit like a truck.

People who have applied new bios update, did you saw any performance hit?

karserasl wrote:
User interaction? Access locally? LOOOOOOLL!

https://repl.it/repls/DeliriousGreenOxpecker

Check it out if you didnt patch your BIOS. Its a small test reading your WHOLE chrome session from memory. (OK not whole session, its a test. It will output "The Magic Words are Squeamish Ossifrage." from memory vertically)

So that means, you went to bank account and login, and then just came across this small js, which could be ANYWHERE, in ads, in iframes anywhere, and your bank account is stolen.

Tell me again how small is this problem.


I wasn't going to go this far and post actual working expoits via browser JS, but there you go.

BIOS update for my ASUS motherboard is nearly a week late now (after announcement) which is completely unacceptable. I am considering taking further action against ASUS for their incompetency.

donavanbadboy wrote:
I wasn't going to go this far and post actual working expoits via browser JS, but there you go.

BIOS update for my ASUS motherboard is nearly a week late now (after announcement) which is completely unacceptable. I am considering taking further action against ASUS for their incompetency.


donavanbadboy wrote:
I wasn't going to go this far and post actual working expoits via browser JS, but there you go.

BIOS update for my ASUS motherboard is nearly a week late now (after announcement) which is completely unacceptable. I am considering taking further action against ASUS for their incompetency.


May be we are choose the broken legs PEG"ASUS" buddy. Intel had release their microcode to address my i9 7980XE "Spectre" since Jan 4 , 2018.
Intel also release the ME firmware was 11.11.50.1436 and they're already sending both microcode and firmware to all vender for a week ago.

The new microcode was address SA-00088 issue, ME Firmware was address SA-00086 issue.

Then EVGA has already publish their BIOS and ME update for their customer here.
https://forums.evga.com/X299-BIOS-Updates-with-PrePost-Spectre-updates-m2750720.aspx

Yesterday there are ASROCK and Gigabyte follow EVGA already! However the lazy horse PEG"ASUS" didn't release any update for us.
I pity money to bought the most expensive RAMPAGE ever made a lot.

After this issue my company also banned PEG"ASUS" already now. No its product anymore. We're going to claim our money back and switch to EVGA better.
I'm boring to talking with those staffs whom didn't care any users loss as first priority.

Look like EVGA X299 more cheaper and stronger in security. Atleast their after sales service can communicating with their customers in mankind langueges.
I could not see anything to discuss with lazy horse staffs anymore. Waste a lot of time buddy. " We're going to....." " We're urgently to..." " We're to.. "
I'd seen those lazy horse words for a week friend.

Finally I decided to say.
" Thank you sir but no more man . Our company has banned your products staring from our lastest purchase. It enough."

Most expensive mobo didn't mean better in performance/security and after sales supports.
W11 25H2 27788.1000 Core i9 7980XE 02007206 MCE ME 11.12.97.2614 R6E Modified BIOS 4201 SAMSUNG OG9 FW 1020.0 SSD 970 EVO PLUS 1 TB x 3 NVIDIA RTX 4090 GAME READY 572.24 64GB GSKILL DDR4 3200MHz JBL 9.1 Sound Bar DTS-X

restsugavan wrote:
May be we are choose the broken legs PEG"ASUS" buddy. Intel had release their microcode to address my i9 7980XE "Spectre" since Jan 4 , 2018.
Intel also release the ME firmware was 11.11.50.1436 and they're already sending both microcode and firmware to all vender for a week ago.

The new microcode was address SA-00088 issue, ME Firmware was address SA-00086 issue.

Then EVGA has already publish their BIOS and ME update for their customer here.
https://forums.evga.com/X299-BIOS-Updates-with-PrePost-Spectre-updates-m2750720.aspx

Yesterday there are ASROCK and Gigabyte follow EVGA already! However the lazy horse PEG"ASUS" didn't release any update for us.
I pity money to bought the most expensive RAMPAGE ever made a lot.

After this issue my company also banned PEG"ASUS" already now. No its product anymore. We're going to claim our money back and switch to EVGA better.
I'm boring to talking with those staffs whom didn't care any users loss as first priority.

Look like EVGA X299 more cheaper and stronger in security. Atleast their after sales service can communicating with their customers in mankind langueges.
I could not see anything to discuss with lazy horse staffs anymore. Waste a lot of time buddy. " We're going to....." " We're urgently to..." " We're to.. "
I'd seen those lazy horse words for a week friend.

Finally I decided to say.
" Thank you sir but no more man . Our company has banned your products staring from our lastest purchase. It enough."

Most expensive mobo didn't mean better in performance/security and after sales supports.


Also EVGA Has released a new bios update for the X99 series!!
And there is no performance lost according to someone having EVGA classified x99 and 6950x after updating the new BIOS microcode . Really EVGA support is awesome *

Arne Saknussemm wrote:
:rolleyes:


according to arestavo
***http://www.overclock.net/t/1601679/broadwell-e-thread/7440

And yes the new bios is in EVGA website for x99.

ELIESEH wrote:
Also EVGA Has released a new bios update for the X99 series!!
And there is no performance lost according to someone having EVGA classified x99 and 6950x after updating the new BIOS microcode . Really EVGA support is awesome *


Absolutely yes , at least your system has fully protected and free from Spectre and ME Firmware vulnerables.
Shame on my Rampage VI Extreme there are no updates for the most expensive x299 mobo ever made.*
We will get money refund to support EVGA products soon.*
W11 25H2 27788.1000 Core i9 7980XE 02007206 MCE ME 11.12.97.2614 R6E Modified BIOS 4201 SAMSUNG OG9 FW 1020.0 SSD 970 EVO PLUS 1 TB x 3 NVIDIA RTX 4090 GAME READY 572.24 64GB GSKILL DDR4 3200MHz JBL 9.1 Sound Bar DTS-X