01-02-2018 11:05 PM - last edited on 03-06-2024 09:57 PM by ROGBot
01-18-2018 11:18 AM
ELIESEH wrote:Kosmosagamemnon wrote:
What will happened if i don’t apply the new bios update?
How much is the probability for an attacker’s to choose me? 0.1%樂
I think it is a good deal to not update to the new bios and i will keep my cpu performance and stability.*
The bug fixes for linux have been released to the public now for a lot longer than the Windows fix. This means that the source code detailing the current mitigations has been publicly available for quite some time. The longer its available the greater the opportunity to reverse engineer it, and then we will see exploits targeting vulnerable machines. Make no mistake about this, the bug affects Every single CPU Intel has produced since 2005 unless its an Itanium.
This is the kind of bug a criminal lives for, the one in your hardware. If you think that no one is looking to exploit this you are kidding yourself. Ultimately all you'll need to do is visit any booby trapped web site that triggers some javascript that exploits a branching code execution exploit and you may as well install a backdoor yourself with a sign saying "Come take my accounts for free" hanging over your computer. From the attackers perspective its not that simple yet, but then again its only early days, the exploits have only just been unveiled. How about this, do you work in IT do you take Virtual Machines home to work on, with your home computer? if one became infected from your unpatched machine you'll carry that liability.
If you run on an Intel chip you are vulnerable to three separate exploits from Spectre alone that can see details like passwords and other account details leaked from RAM, and that's the least serious part. The potential is there to inject arbitrary code into the Kernel by executing branching code that locates the Kernel in RAM. Once someone does that they own your computer and can do what they want with it. The longer this goes on the more sophisticated the attacks will become.
The major risk in particular as it relates to virtual machines is that it is possible for arbitrary code to jump virtual machines running on the same platform. Imagine renting a virtual server from Amazon or Microsoft, and being able to use it to illicitly collect data on all the other virtual machines running on the same host. That is one of the risks, it is also one that you wont face if you use Amazon and Microsoft because their systems are going to be patched.
If you fail to patch your machine I personally wouldn't trust you to open a Zip file. It's your risk to take but it is an avoidable one if you patch your system. And not to put too fine a point on it, All of us who own high end Intel systems are angry about this, your own situation is no different than mine or any other of a billion+ users out there who also don't want to sacrifice some performance for security. However these fixes wouldn't be getting pushed if the issue weren't serious, Intel wouldn't let something like this hit its share price if it wasn't damned serious, and people like me wouldn't take the time out to convey to you exactly how serious this problem is, if it was make believe.
01-18-2018 11:33 AM
01-17-2018 05:01 PM
01-17-2018 05:52 PM
01-17-2018 06:29 PM
01-17-2018 06:50 PM
Brighttail wrote:
Well I FINALLY figured it out. Holy hell. Turns out I'm clicking what I think is an executable file that pops up a Dos Screen and disappears so quickly that I can't even see that there was an error. Ended up having to go into an administrative DOS prompt and run the executable program with following tag "-f" . Then it updated the firmware and the Intel tool recognizes the correct version.
Seriously tho this is NOT something that a normal end user would EVER understand how or what to do. I have no idea how Asus or Intel expects anyone that isn't a computer technician to know how to install this all correctly. I'm guessing or at least HOPING that I'm just an idiot and missed something and it was something as simple as clicking a file and it would all be good but when I went to download ME 11.11.50.1436, it game me three files. Two of them were executable files, one for x86 and the other for x64 machines and then the actual .bin file. The only way I could figure out what to do was to bring up a DOS window and through trial and error, find the command to execute the .bin file correctly. Am I alone on this to think that normal users would not be able to do this on their own and Asus or Intel needs to come up with a better/easier way?
Seriously did I miss something? Shouldn't the BIOS update have done all this for me? There is no way that I should have had to do this manual update through a DOS prompt. 😞
Very pissed off and frustrated now. 😕
01-17-2018 07:10 PM
restsugavan wrote:
Hahaha Due we're ROG user buddy. ASUS want you to be an expert ROG. This will upgrade your belt level here. Now you could help other people easily.
the you'll be ROG GURU at last. This is our way. It was normal for ROG RAMPAGE Since RAMPAGE II GENE.:o
01-17-2018 08:47 PM
01-18-2018 05:37 AM
01-18-2018 06:09 AM
Arne Saknussemm wrote:
Intel update yesterday....makes clear the microcode updates are flawed and it is still in BETA testing of microcode updates...but you should update anyway...
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
"Intel has made significant progress in our investigation into the customer reboot sightings that we confirmed publicly last week
Intel has reproduced these issues internally and has developed a test method that allows us to do so in a predictable manner
Initial sightings were reported on Broadwell and Haswell based platforms in some configurations. During due diligence we determined that similar behavior occurs on other products including Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake based platforms in some configurations
We are working toward root cause
While our root cause analysis continues, we will start making beta microcode updates available to OEMs, Cloud service providers, system manufacturers and Software vendors next week for internal evaluation purposes
In all cases, the existing and any new beta microcode updates continue to provide protection against the exploit (CVE-2017-5715) also known as “Spectre Variant 2�
Variants 1 (Spectre) and Variant 3 (Meltdown) continue to be mitigated through system software changes from operating system and virtual machine vendors
As we gather feedback from our customers we will continue to provide updates that improve upon performance and usability
Intel recommendations to OEMs, Cloud service providers, system manufacturers and software vendors
Intel recommends that these partners maintain availability of existing microcode updates already released to end users. Intel does not recommend pulling back any updates already made available to end users
NEW - Intel recommends that these partners, at their discretion, continue development and release of updates with existing microcode to provide protection against these exploits, understanding that the current versions may introduce issues such as reboot in some configurations
NEW - We further recommend that OEMs, Cloud service providers, system manufacturers and software vendors begin evaluation of Intel beta microcode update releases in anticipation of definitive root cause and subsequent production releases suitable for end users"