
SPECTRE and MELTDOWN: Bug rocks Intel / ARM CPUs

segfaulted
Level 7
Kinda glad I bought AMD this round. For those who don't know there is a new bug affecting just about every SKU from Intel made in the last .. ohh.. _DECADE_ or so. It's actually worse than F00F or FDIV. Only mitigation appears to castrate the CPU upward of 30%! (depending on processes).

Can Asus confirm AMD and more importantly for me, this or any AMD motherboard are not affected? If so, will there be RMAs?

Fun fact, Intel's CEO dumped stock back in November before they started issuing gags on people from even talking about it.

ASUS advisory page (may get updated): https://www.asus.com/News/V5urzYAT6myCC1o2

ELIESEH wrote:
Kosmosagamemnon wrote:


What will happen if I don't apply the new BIOS update?
How much is the probability for an attacker to choose me? 0.1%
I think it is a good deal to not update to the new BIOS and I will keep my CPU performance and stability.


The bug fixes for Linux have been released to the public now for a lot longer than the Windows fix. This means that the source code detailing the current mitigations has been publicly available for quite some time. The longer it's available the greater the opportunity to reverse engineer it, and then we will see exploits targeting vulnerable machines. Make no mistake about this, the bug affects Every single CPU Intel has produced since 2005 unless it's an Itanium.

This is the kind of bug a criminal lives for, the one in your hardware. If you think that no one is looking to exploit this you are kidding yourself. Ultimately all you'll need to do is visit any booby trapped web site that triggers some JavaScript that exploits a branching code execution exploit and you may as well install a backdoor yourself with a sign saying "Come take my accounts for free" hanging over your computer. From the attacker's perspective it's not that simple yet, but then again it's only early days, the exploits have only just been unveiled. How about this: do you work in IT? Do you take Virtual Machines home to work on, with your home computer? If one became infected from your unpatched machine you'll carry that liability.

If you run on an Intel chip you are vulnerable to three separate exploits from Spectre alone that can see details like passwords and other account details leaked from RAM, and that's the least serious part. The potential is there to inject arbitrary code into the Kernel by executing branching code that locates the Kernel in RAM. Once someone does that they own your computer and can do what they want with it. The longer this goes on the more sophisticated the attacks will become.

The major risk in particular as it relates to virtual machines is that it is possible for arbitrary code to jump virtual machines running on the same platform. Imagine renting a virtual server from Amazon or Microsoft, and being able to use it to illicitly collect data on all the other virtual machines running on the same host. That is one of the risks, it is also one that you won't face if you use Amazon and Microsoft because their systems are going to be patched.

If you fail to patch your machine I personally wouldn't trust you to open a Zip file. It's your risk to take but it is an avoidable one if you patch your system. And not to put too fine a point on it, All of us who own high end Intel systems are angry about this, your own situation is no different than mine or any other of a billion+ users out there who also don't want to sacrifice some performance for security. However these fixes wouldn't be getting pushed if the issue weren't serious, Intel wouldn't let something like this hit its share price if it wasn't damned serious, and people like me wouldn't take the time out to convey to you exactly how serious this problem is, if it was make believe.

You are right, thank you so much.
I will OC my CPU from 4.2 to 4.3 GHz.

Brighttail
Level 11
Re-ran some benchmarks from prior to the patch to after the patch.
Cinebench saw a 3% drop. Real bench was about 6.8% drop. The real hit is to my SSDs.

Both my Intel 900p boot drive and RAID 0 data drive took some significant hits. The sequential read/writes are not so bad with only 100mb/s from pre to post patch. The 4k 8Q depth is about 500mb/s. The 4k 32Q depth sees the biggest hit of 50% from 800 Mb/s to 400 Mb/s on the read. Finally the 4k 1Q depth sees about a 20% drop with reads going from 300 MB/s down to 230 Mb/s and reads from 279Mb/s to 203 Mb/s.

On the RAID 0 drive the percentages are the same with the exception of the 4k Q1 depth where the RAID 0 read pre patch was 53Mb/s and after was 52Mb/s.

So far I haven't noticed much lag difference in daily work so hopefully this ends up only being something you can really see with benchmarks.
Panteks Enthoo Elite / Asus x299 Rampage VI Extreme / Intel I9-7900X / Corsair Dominator RGB 3200MHz

MSI GTX 1080 TI / 2x Intel 900p / Samsung 970 Pro 512GB

Samsung 850 PRO 512GB / Western Digital Gold 8TB HD

Corsair AX 1200i / Corsair Platinum K95 / Asus Chakram

Acer XB321HK 4k, IPS, G-sync Monitor / Water Cooled / Asus G571JT Laptop

Brighttail
Level 11
I get that is what it is supposed to say, I'm just confused why the test is still reporting the incorrect version. The Spectremeltdown.exe is saying I'm protected but the Intel SA-00086 tool is reporting the wrong MEI version. I have even gone into the registry editor to remove the key that holds the results and re-ran it.

I downloaded the ME drivers from Station drivers at http://www.station-drivers.com/index.php?option=com_remository&Itemid=352&func=fileinfo&id=3270&lang=en
This had a simple executable file that I ran and I then got the success on the Spectremeltdown.exe program, but the Intel test still shows an older version. I will downgrade the BIOS again and reflash it to see if that works but other than that I'm still wondering if I did everything I need to do. People say install the ME 11.11.50.1436 but don't say how. ASRock has an actual Flash BIOS file that does it and it isn't a software download. Also when I go into device manager to check the version it is a different version than what is shown above in my test and it isn't 11.11.50.1436. I'm very sorry for sounding so stupid but I'm simply not wrapping my brain around all of this.

Brighttail
Level 11
Well I FINALLY figured it out. Holy hell. Turns out I'm clicking what I think is an executable file that pops up a DOS screen and disappears so quickly that I can't even see that there was an error. Ended up having to go into an administrative DOS prompt and run the executable program with the following tag "-f ". Then it updated the firmware and the Intel tool recognizes the correct version.

Seriously tho this is NOT something that a normal end user would EVER understand how or what to do. I have no idea how Asus or Intel expects anyone that isn't a computer technician to know how to install this all correctly. I'm guessing or at least HOPING that I'm just an idiot and missed something and it was something as simple as clicking a file and it would all be good but when I went to download ME 11.11.50.1436, it gave me three files. Two of them were executable files, one for x86 and the other for x64 machines and then the actual .bin file. The only way I could figure out what to do was to bring up a DOS window and through trial and error, find the command to execute the .bin file correctly. Am I alone on this to think that normal users would not be able to do this on their own and Asus or Intel needs to come up with a better/easier way?

Seriously did I miss something? Shouldn't the BIOS update have done all this for me? There is no way that I should have had to do this manual update through a DOS prompt. 😞

Very pissed off and frustrated now. 😕

Brighttail wrote:
Well I FINALLY figured it out. Holy hell. Turns out I'm clicking what I think is an executable file that pops up a DOS screen and disappears so quickly that I can't even see that there was an error. Ended up having to go into an administrative DOS prompt and run the executable program with the following tag "-f ". Then it updated the firmware and the Intel tool recognizes the correct version.

Seriously tho this is NOT something that a normal end user would EVER understand how or what to do. I have no idea how Asus or Intel expects anyone that isn't a computer technician to know how to install this all correctly. I'm guessing or at least HOPING that I'm just an idiot and missed something and it was something as simple as clicking a file and it would all be good but when I went to download ME 11.11.50.1436, it gave me three files. Two of them were executable files, one for x86 and the other for x64 machines and then the actual .bin file. The only way I could figure out what to do was to bring up a DOS window and through trial and error, find the command to execute the .bin file correctly. Am I alone on this to think that normal users would not be able to do this on their own and Asus or Intel needs to come up with a better/easier way?

Seriously did I miss something? Shouldn't the BIOS update have done all this for me? There is no way that I should have had to do this manual update through a DOS prompt. 😞

Very pissed off and frustrated now. 😕


Hahaha Due we're ROG user buddy. ASUS want you to be an expert ROG. This will upgrade your belt level here. Now you could help other people easily.
Then you'll be ROG GURU at last. This is our way. It was normal for ROG RAMPAGE since RAMPAGE II GENE. :o
W11 25H2 27768.1000 Core i9 7980XE 02007108 MCE ME 11.12.97.2614 R6E Modified BIOS 4201 SAMSUNG OG9 FW 1020.0 SSD 970 EVO PLUS 1 TB x 3 NVIDIA RTX 4090 GAME READY 566.45 64GB GSKILL DDR4 3200MHz JBL 9.1 Sound Bar DTS-X

restsugavan wrote:
Hahaha Due we're ROG user buddy. ASUS want you to be an expert ROG. This will upgrade your belt level here. Now you could help other people easily.
Then you'll be ROG GURU at last. This is our way. It was normal for ROG RAMPAGE since RAMPAGE II GENE. :o


I know you are being cute but simply put, this issue of having to do these DOS updates is going to happen for the whole x299 platform, not just the ROG side of things.

Still waiting on x99-Deluxe news... or any x99 board BIOS

Arne_Saknussemm
Level 40
Intel update yesterday....makes clear the microcode updates are flawed and it is still in BETA testing of microcode updates...but you should update anyway...

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

"Intel has made significant progress in our investigation into the customer reboot sightings that we confirmed publicly last week
Intel has reproduced these issues internally and has developed a test method that allows us to do so in a predictable manner
Initial sightings were reported on Broadwell and Haswell based platforms in some configurations. During due diligence we determined that similar behavior occurs on other products including Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake based platforms in some configurations
We are working toward root cause
While our root cause analysis continues, we will start making beta microcode updates available to OEMs, Cloud service providers, system manufacturers and Software vendors next week for internal evaluation purposes
In all cases, the existing and any new beta microcode updates continue to provide protection against the exploit (CVE-2017-5715) also known as “Spectre Variant 2”
Variants 1 (Spectre) and Variant 3 (Meltdown) continue to be mitigated through system software changes from operating system and virtual machine vendors
As we gather feedback from our customers we will continue to provide updates that improve upon performance and usability
Intel recommendations to OEMs, Cloud service providers, system manufacturers and software vendors

Intel recommends that these partners maintain availability of existing microcode updates already released to end users. Intel does not recommend pulling back any updates already made available to end users
NEW - Intel recommends that these partners, at their discretion, continue development and release of updates with existing microcode to provide protection against these exploits, understanding that the current versions may introduce issues such as reboot in some configurations
NEW - We further recommend that OEMs, Cloud service providers, system manufacturers and software vendors begin evaluation of Intel beta microcode update releases in anticipation of definitive root cause and subsequent production releases suitable for end users"

Arne Saknussemm wrote:
Intel update yesterday....makes clear the microcode updates are flawed and it is still in BETA testing of microcode updates...but you should update anyway...

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

"Intel has made significant progress in our investigation into the customer reboot sightings that we confirmed publicly last week
Intel has reproduced these issues internally and has developed a test method that allows us to do so in a predictable manner
Initial sightings were reported on Broadwell and Haswell based platforms in some configurations. During due diligence we determined that similar behavior occurs on other products including Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake based platforms in some configurations
We are working toward root cause
While our root cause analysis continues, we will start making beta microcode updates available to OEMs, Cloud service providers, system manufacturers and Software vendors next week for internal evaluation purposes
In all cases, the existing and any new beta microcode updates continue to provide protection against the exploit (CVE-2017-5715) also known as “Spectre Variant 2”
Variants 1 (Spectre) and Variant 3 (Meltdown) continue to be mitigated through system software changes from operating system and virtual machine vendors
As we gather feedback from our customers we will continue to provide updates that improve upon performance and usability
Intel recommendations to OEMs, Cloud service providers, system manufacturers and software vendors

Intel recommends that these partners maintain availability of existing microcode updates already released to end users. Intel does not recommend pulling back any updates already made available to end users
NEW - Intel recommends that these partners, at their discretion, continue development and release of updates with existing microcode to provide protection against these exploits, understanding that the current versions may introduce issues such as reboot in some configurations
NEW - We further recommend that OEMs, Cloud service providers, system manufacturers and software vendors begin evaluation of Intel beta microcode update releases in anticipation of definitive root cause and subsequent production releases suitable for end users"


They'd already told me about that. The existing microcode was only a patch for the Spectre issue. The next revision will be a performance-optimized update.
However, for best security now, we need to update their microcode to address those vulnerabilities. :o

Intel CPUs may take a performance hit of around 3-19% depending on generation. The worst now is ARM64-based CPUs. It looks like Apple iPhone 6 performance dropped around 40% in both single and multicore via Geekbench 4 on iOS 11.2.2 (Spectre & Meltdown patch). So Intel's situation is way better than Apple A7X and higher. :o

https://www.theinquirer.net/inquirer/news/3024424/apples-spectre-fix-throttles-iphone-6-performance-...