
SPECTRE and MELTDOWN: Bug rocks Intel / ARM CPUs

segfaulted
Level 7
Kinda glad I bought AMD this round. For those who don't know there is a new bug affecting just about every SKU from Intel made in the last .. ohh.. _DECADE_ or so. It's actually worse than F00F or FDIV. Only mitigation appears to castrate the CPU upward of 30%! (depending on processes).

Can Asus confirm AMD and more importantly for me, this or any AMD motherboard are not affected? If so, will there be RMAs?

Fun fact, Intel's CEO dumped stock back in November before they started issuing gags on people from even talking about it.

*****ASUS advisory page (may get updated): https://www.asus.com/News/V5urzYAT6myCC1o2 ******

Arne Saknussemm wrote:
Intel update yesterday....makes clear the microcode updates are flawed and it is still in BETA testing of microcode updates...but you should update anyway...

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

"Intel has made significant progress in our investigation into the customer reboot sightings that we confirmed publicly last week
Intel has reproduced these issues internally and has developed a test method that allows us to do so in a predictable manner
Initial sightings were reported on Broadwell and Haswell based platforms in some configurations. During due diligence we determined that similar behavior occurs on other products including Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake based platforms in some configurations
We are working toward root cause
While our root cause analysis continues, we will start making beta microcode updates available to OEMs, Cloud service providers, system manufacturers and Software vendors next week for internal evaluation purposes
In all cases, the existing and any new beta microcode updates continue to provide protection against the exploit (CVE-2017-5715) also known as “Spectre Variant 2”
Variants 1 (Spectre) and Variant 3 (Meltdown) continue to be mitigated through system software changes from operating system and virtual machine vendors
As we gather feedback from our customers we will continue to provide updates that improve upon performance and usability
Intel recommendations to OEMs, Cloud service providers, system manufacturers and software vendors

Intel recommends that these partners maintain availability of existing microcode updates already released to end users. Intel does not recommend pulling back any updates already made available to end users
NEW - Intel recommends that these partners, at their discretion, continue development and release of updates with existing microcode to provide protection against these exploits, understanding that the current versions may introduce issues such as reboot in some configurations
NEW - We further recommend that OEMs, Cloud service providers, system manufacturers and software vendors begin evaluation of Intel beta microcode update releases in anticipation of definitive root cause and subsequent production releases suitable for end users"


Does this mean that Asus will issue further bios updates for the already updated mobos?
For example Z270 have received updated bios 1203. Does this mean that Asus will also work on a newer bios to address also the performance impact (when a new microcode is issued from Intel of course)?

Kosmosagamemnon
Level 7
KK everyone,

I mentioned that I would try and keep you updated after my original post on this subject. Intel have released some additional information regarding the Meltdown and Spectre microcode patching for its CPUs. The current release of the microcode appears to introduce some stability problems, however these problems are not limited to Haswell and Broadwell.

It appears that all processor generations are impacted by a stability issue in certain configurations that can trigger a system reboot. The short version is that the stability issue is present on everything right up to Kaby Lake and Skylake. I haven't seen any information specifically relating to Skylake X or Kaby Lake X, however I expect the same issues to be present on both these series of CPUs due to the shared heritage of those architectures.

There is more information here http://www.zdnet.com/article/meltdown-spectre-intel-says-newer-chips-also-hit-by-unwanted-reboots-af... for you to have a look at. In the end the microcode updates currently released could be considered a beta release. Be wary of applying these patches to systems for which official tested firmware has not been released. Intel advises system admins to exercise caution when deploying current updates.

wootwoots
Level 7
So, any news for Z97 MB ?

wootwoots wrote:
So, any news for Z97 MB ?


I just got word on Paul's Hardware on YouTube that the Haswell Spectre patch BIOS updates are causing crashing. It looks like we're not getting updates, because they're still working on it from what I can tell. We got hit hard apparently. I just got an Asus Hero VII used to upgrade this computer and build another one from an MSI board. I trust Asus more than MSI to do their updates and patches. This is a very popular Haswell motherboard after all. I wouldn't freak out and think we're not getting a patch.

Does anyone actually have an ETA on this?

The patches for all of the CPU platforms for all of the motherboard manufacturers are supposed to be done by the end of this month.

If that takes longer, oh well.
I think we all just want to know.

Antony-rog
Level 8
One thing I do not understand is if there is a security issue, practically every system sold, how come some say it's best to leave it as it is, others say it should be remedied, but it will hurt a lot (performance), and already is there any new BIOS / Firmware versions for some product lines that, like Intel if it has been published, affects almost all processes or sold?
Another thing, is there a possibility of system crash when trying to exploit this vulnerability?
Remember the world ransomware attack? There are probably already teams trying to hone that attack using these new vulnerabilities.
There is also the problem of banking transactions, stocks, virtual currencies and cryptocurrencies. A nightmare.
I have four systems, all more than two years old in production. I have one system with an ROG Maximus IV Formula and a ROG GL552VW from Asus, those are on Intel, others on AMD, actually, one Dell on Intel as well.
The laptop is banking only and there isn't even a schedule for them on the site.

Really interesting fact about Brian Krzanich!

Antony-rog wrote:
One thing I do not understand is if there is a security issue, practically every system sold, how come some say it's best to leave it as it is, others say it should be remedied, but it will hurt a lot (performance), and already is there any new BIOS / Firmware versions for some product lines that, like Intel if it has been published, affects almost all processes or sold?
Another thing, is there a possibility of system crash when trying to exploit this vulnerability?
Remember the world ransomware attack? There are probably already teams trying to hone that attack using these new vulnerabilities.
There is also the problem of banking transactions, stocks, virtual currencies and cryptocurrencies. A nightmare.
I have four systems, all more than two years old in production. I have one system with an ROG Maximus IV Formula and a ROG GL552VW from Asus, those are on Intel, others on AMD, actually, one Dell on Intel as well.
The laptop is banking only and there isn't even a schedule for them on the site.

Really interesting fact about Brian Krzanich!


Hi Antony, I might be able to help a little here with some of your questions. Let's start with the first one, which really is three separate questions with lengthy answers I'm afraid.

One thing I do not understand is if there is a security issue, practically every system sold, how come some say it's best to leave it as it is, others say it should be remedied, but it will hurt a lot (performance), and already is there any new BIOS / Firmware versions for some product lines that, like Intel if it has been published, affects almost all processes or sold?

Ok, the important thing to note here is that there is no IF, there is a security issue and if you own an Intel platform with a CPU made at any time between 2005 and today you have the security issue. The problem is more complex than this because Intel appear to only be producing fixes for hardware made within the last 10 years. And it's also up to hardware vendors to decide if it's worthwhile issuing a fix for their various platforms. Systems that are un-patched are as vulnerable as systems that have no patch coming.

With respect to performance impacts it really depends on what you are doing. Sequential disk activities, in particular writing data out to disk, take an impact; this will affect Virtual Machines and potentially database operations. However are you merely a gamer? If you are a gamer or just an average home user the chances of this affecting you at all are minimal. Games are built to eliminate process context switching because all it does is add latency to the code. Process context switching is where the performance problem actually lies in a patched system. Is your system a Haswell, Broadwell, Kaby Lake or Skylake based architecture? Well they are less affected by the patches from a performance perspective because of a new feature integrated into those architectures called PCID (Process Context Identifiers). This assists the CPU in identifying software process switches in hardware.

With respect to it being best to leave it, this is incorrect. It's best to address it because your system is vulnerable to an attack on its hardware. The normal operation of the computer allows these exploits to function. In short this makes it nearly impossible to mitigate against with standard anti-virus tools or malware scanners; it literally is exploiting how your hardware operates, and that requires a fundamental change in how the Operating System uses the hardware, which is where the patches come in.

The problem is that the patches will incur a performance penalty, and that penalty will be worse on older hardware than newer hardware. There is just no escaping this. Since the real fix will be replacing the CPU with one that is not affected, and given that the only line of Intel CPUs that aren't affected are Itaniums, we need a software fix to deal with the problem. The issue is that the current software and microcode fixes are causing stability problems as well as a performance hit. This is most likely why we don't have a fix from Asus yet for some product lines. However, that doesn't mean you should not patch if a patch is available unless otherwise instructed.


Another thing, is there a possibility of system crash when trying to exploit this vulnerability?

No. The exploit can be executed without warning or hint that anything at all has happened. This is because it exploits the design of the CPU itself to compromise it. Sure if code is written badly it'll crash but successful exploits don't do this and the clock is running out on that front.



I have four systems, all more than two years old in production. I have one system with an ROG Maximus IV Formula and a ROG GL552VW from Asus, those are on Intel, others on AMD, actually, one Dell on Intel as well.

It is likely that x79 based systems will not receive a patch, however with no word from Asus that is a guess, and we'll need to see what happens there, needless to say they are also vulnerable.


Intel, others on AMD, actually, one Dell on Intel as well.

AMD are not as susceptible as Intel systems are. AMD appear to be immune to the Meltdown exploit and are immune to at least 1 if not two of the three Spectre exploits. The reason for this lies in how the security features of their CPUs are architected.

Is there a bios update for spectre yet with the ASUS Maximus Hero x? Nothing on the website and I've read through the forums a fair bit, can't see anything, maybe I'm blind?

ritchiedrama wrote:
Is there a bios update for spectre yet with the ASUS Maximus Hero x? Nothing on the website and I've read through the forums a fair bit, can't see anything, maybe I'm blind?


For Maximus X Hero, isn't BIOS 1003 the update to address Spectre and Meltdown vulnerabilities? If so, I believe it is available on the Maximus X Hero support page.

That is my understanding. For the Maximus X Hero and Hero WIFI. I installed BIOS 1003, ran the PowerShell Speculation Control commands, ran Windows updates, then ran the Spectre and Meltdown test. Both came up Green and Clean!

Now if I could just figure out why I can't see VRM temps in my Hero WIFI BIOS 1003, or in HWiNFO, AIDA, or SIV, I would be good to go. There are a lot of Hero owners asking the same thing. It seems that the VRM temp sensor was there, and now it isn't. Apparently, there is more than one version of the Hero and Hero WIFI and due to a component change, they no longer support VRM temp reporting, despite the picture of a temp sensor there on their website. No one from Asus will comment on this issue.

But yes - BIOS 1003 should have the microcode patch in it. Worked on mine anyway.
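
The Speculation Control check mentioned in the post above, as an added example that is not part of the original thread: it reads the object returned by `Get-SpeculationControlSettings` (Microsoft's SpeculationControl module) and separates what the BIOS microcode has to supply (Spectre Variant 2) from what Windows updates supply (Meltdown), including whether the PCID optimisation discussed earlier in the thread is in use. The function name `Test-SpeculationMitigation` and the fallback sample object are assumptions made for illustration.

```powershell
# Added example, not from the thread. Property names are those returned by
# Get-SpeculationControlSettings; the function name is hypothetical.
function Test-SpeculationMitigation {
    param([Parameter(Mandatory)] $Settings)

    $gaps  = @()   # missing protections
    $notes = @()   # informational only

    # Spectre Variant 2 (CVE-2017-5715): needs microcode delivered by the
    # BIOS update AND Windows support that is actually switched on.
    if (-not $Settings.BTIHardwarePresent) {
        $gaps += 'Variant 2: no microcode support (BIOS/microcode update missing)'
    } elseif (-not $Settings.BTIWindowsSupportPresent) {
        $gaps += 'Variant 2: microcode present, Windows update missing'
    } elseif (-not $Settings.BTIWindowsSupportEnabled) {
        $gaps += 'Variant 2: support present but not enabled'
    }

    # Meltdown (Variant 3): fixed in the OS (kernel VA shadowing).
    # KVAShadowRequired is false on CPUs that are not affected.
    if ($Settings.KVAShadowRequired) {
        if (-not $Settings.KVAShadowWindowsSupportPresent) {
            $gaps += 'Variant 3: Windows update missing'
        } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
            $gaps += 'Variant 3: support present but not enabled'
        } elseif (-not $Settings.KVAShadowPcidEnabled) {
            $notes += 'Variant 3: mitigated without PCID, expect more context-switch overhead'
        }
    }

    [pscustomobject]@{ Clean = ($gaps.Count -eq 0); Gaps = $gaps; Notes = $notes }
}

if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $settings = Get-SpeculationControlSettings
} else {
    # Constructed sample: Windows patched, board still waiting for a BIOS update.
    $settings = [pscustomobject]@{
        BTIHardwarePresent             = $false
        BTIWindowsSupportPresent       = $true
        BTIWindowsSupportEnabled       = $false
        KVAShadowRequired              = $true
        KVAShadowWindowsSupportPresent = $true
        KVAShadowWindowsSupportEnabled = $true
        KVAShadowPcidEnabled           = $true
    }
}
Test-SpeculationMitigation -Settings $settings | Format-List
```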

IT_Troll
Level 10
Intel are now saying that increased reboots are being seen across practically all CPU models which have the microcode update (not just Broadwell and Haswell). I'd hold off updating even if you have a new BIOS for your motherboard.
https://newsroom.intel.com/news/firmware-updates-and-initial-performance-data-for-data-center-system...