Core 9000 series

AndreiD · 30 Aug 2018 at 15:49

The average person on the street most likely has Windows 10 since that's what most laptops come with, which does automatic microcode updates, so most people should be secure.
Good luck turning security updates off in Windows 10 nowadays, they have 3-4 different services that does those updates.

jigger · 30 Aug 2018 at 15:52

SiDeards73 said:
The key here is "Microsoft / Bios Updates" the average guy on the street buying his PC from high street retailer is not doing BIOS updates, the average person buying their laptop does not even know what the BIOS is, let alone how to update it.

I know tons of people, literally tons, who never ever ever do firmware / bios updates. Hackers also know this.

So yes it is a major problem, just because you and i and other members who and enthusiasts update our bios, do not for one naive moment think we are the majority, we are the extreme minority.

How many corporate PC's out there do you think there are that never ever get bios updates? i can tell you from personal experience its a huge amount.

Even if everyone got updates, the level of destruction Microsoft updates will bring....

SiDeards73 · 30 Aug 2018 at 15:53

AndreiD said:
The average person on the street most likely has Windows 10 since that's what most laptops come with, which does automatic microcode updates, so most people should be secure.
Good luck turning security updates off in Windows 10 nowadays, they have 3-4 different services that does those updates.

Windows 10 can do Firmware updates, but i personally have only ever seen it do it on the Surface family of devices, we use Dell here at work, globally, and ive never once seen it update any of the dell firmware, we have a seperate dell provided utility for that which links into SCCM.

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/updating-device-firmware-
using-windows-update

Also wanted to add this is via UEFI, Intel are planning on moving to UEFI by 2020 and doing away with BIOS.

https://arstechnica.com/gadgets/201...last-vestiges-of-the-ancient-pc-bios-by-2020/

So there is hope that they can push microcodes delivered via WU / WSUS via UEFI in the future

jigger · 30 Aug 2018 at 15:55

AndreiD said:
The average person on the street most likely has Windows 10 since that's what most laptops come with, which does automatic microcode updates, so most people should be secure.
Good luck turning security updates off in Windows 10 nowadays, they have 3-4 different services that does those updates.

Most laptops had MS force upon them. I bet most laptops can't be updated with Windows alone. In fact I know of a few firms returning pretty high end laptops for this reason.

Vince · 30 Aug 2018 at 16:01

AndreiD said:
The average person on the street most likely has Windows 10 since that's what most laptops come with, which does automatic microcode updates, so most people should be secure.
Good luck turning security updates off in Windows 10 nowadays, they have 3-4 different services that does those updates.

Windows 10 on auto microde updates - Why then isn't my skylake fixed? Why did I end up buying a new machine to mitigate these risks? Windows 10 does not as far as I can see distribute microde in any useful way.

SiDeards73 · 30 Aug 2018 at 16:02

jigger said:
Most laptops had MS force upon them. I bet most laptops can't be updated with Windows alone. In fact I know of a few firms returning pretty high end laptops for this reason.

We had a major inquest into Specdown and how vulnerable we are (Global manufacturing FTSE 500 company) as a result we binned thousands of mobile phones that simply could not ever achieve acceptable levels of security, and have had to push to minimum versions of software, firmwares etc etc, its been a total nightmare. We have globally looked at moving more into the cloud which is kinda ironic given the nature of the exploits, and are looking hard at our data centre infrastructure and considering EPYC.

gavinh87 · 30 Aug 2018 at 16:02

If

jigger said:
So the master race should stop buying hardware, but if they do buy hardware they shouldn't be concerned with performance or security, only buy the fastest Intel they can afford.

Again you shame with your level of logic and lateral thinking.

You stopped buying hardware years ago lol. Will probably be another 5 years before you update that 1800x, so why do you care?

SiDeards73 · 30 Aug 2018 at 16:04

Vince said:
Windows 10 on auto microde updates - Why then isn't my skylake fixed? Why did I end up buying a new machine to mitigate these risks? Windows 10 does not as far as I can see distribute microde.

It can but it relies on the vendor to supply the code to MS to validate etc, if you ever use a Microsoft Surface family device you will see that is how they update the firmware on all their devices, via the Windows Update.

Its kinda funny, if we buy a Surface, i have to let it do the out of the box build, then do all the windows updates to get the firmware fixes in place, then i run our corporate Win10 image over the top, infact we had to suspend the SP5 roll outs because they require a version of Win 10 1709, which we was not at yet, we was still on 1703.

But yeah, you can microcode update via Win10 WU.

Vince · 30 Aug 2018 at 16:05

SiDeards73 said:
It can but it relies on the vendor to supply the code to MS to validate etc, if you ever use a Microsoft Surface family device you will see that is how they update the firmware on all their devices, via the Windows Update.

Its kinda funny, if we buy a Surface, i have to let it do the out of the box build, then do all the windows updates to get the firmware fixes in place, then i run our corporate Win10 image over the top, infact we had to suspend the SP5 roll outs because they require a version of Win 10 1709, which we was not at yet, we was still on 1703.

But yeah, you can microcode update via Win10 WU.

You can, you say - so long as its vendor supported! Yet the only vendor that actually supports this is MS... golden

I haven't seen a single microde update for any of our 100's of hp desktops, laptops etc etc. In fact of the several hundred devices we have a total of zero, nada, none got any microde through windows update. What is actually possible is clearly not what is actually happening.

gavinh87 · 30 Aug 2018 at 16:10

jigger said:
So the master race should stop buying hardware, but if they do buy hardware they shouldn't be concerned with performance or security, only buy the fastest Intel they can afford.

Again you shame with your level of logic and lateral thinking.

And where did I say that users shouldn't be bothered about performance? The reason the 8700k sold so well was performance, it certainly wasn't down to security.
The reason the 9900k will sell so well will be down to performance.
As already said, the likelihood of anything coming from these vulnerabilities is minimal.

SiDeards73 · 30 Aug 2018 at 16:17

Vince said:
You can, you say - so long as its vendor supported! Yet the only vendor that actually supports this is MS... golden I haven't seen a single microde update for any of our 100's of hp desktops, laptops etc etc. In fact of the several hundred devices we have a total of zero, nada, none got any microde through windows update. What is actually possible is clearly not what is actually happening.

+1 this is very true unfortunately... i dont blame MS for this though, if the vendors cared enough they would force MS to do this. Its not like vendors email users to tell them new BIOS are available either and often you wait ages for BIOS fixes.

The finger should really point at the vendors, MSI, Asus, Gigabyte, Asrock etc etc and even Intel, if they cared enough about the customers past the point of sale, they would force MS to distribute their fixes on Win10 via WU.

Problem is, in the PC world, its been this way for so long, that its the accepted practice, sell you a product, and then put any later or future fixes for it on their website, its down to you then to care about if you want to be secure or fixed or not. I guess its just a form of admonishing responsibility?

SiDeards73 · 30 Aug 2018 at 16:18

gavinh87 said:
And where did I say that users shouldn't be bothered about performance? The reason the 8700k sold so well was performance, it certainly wasn't down to security.
The reason the 9900k will sell so well will be down to performance.
As already said, the likelihood of anything coming from these vulnerabilities is minimal.

Tell that to the 2 countries with the current predominance in world hacking, i can almost guarantee you that they are working away at using these exploits already to steal your stuff.

gavinh87 · 30 Aug 2018 at 16:19

SiDeards73 said:
Tell that to the 2 countries with the current predominance in world hacking, i can almost guarantee you that they are working away at using these exploits already to steal your stuff.

They probably are, the same way little Tommy is thinking about how he can hack NASA.
Doesn't make either of them more likely to happen.

SiDeards73 · 30 Aug 2018 at 16:22

gavinh87 said:
They probably are, the same way little Tommy is thinking about how he can hack NASA.
Doesn't make either of them more likely to happen.

lol your naivety is hysterical Gavin... im not talking about a country doing the hacking, im talking about the majority of hackers coming from these 2 countries, and its not the USA either. It will happen, it might be a while, but it will happen, the prize at the end simply is too large for them to ignore.

Naysay all you like, but its coming, and theres going to be a lot of upset people when it does.

gavinh87 · 30 Aug 2018 at 16:23

SiDeards73 said:
lol your naivety is hysterical Gavin... im not talking about a country doing the hacking, im talking about the majority of hackers coming from these 2 countries, and its not the USA either. It will happen, it might be a while, but it will happen, the prize at the end simply is too large for them to ignore.

Naysay all you like, but its coming, and theres going to be a lot of upset people when it does.

I'll be too busy selling tinfoil hats to care mate

AndreiD · 30 Aug 2018 at 16:32

Isn't only ver1 the only one with any shown Javascript exploits? And that one is mitigated via software at OS level since all hardware is vulnerable. All of the others need physical access.
Basically if you're on an updated W10 or using the updated Google Chrome, you should be fine.

jigger · 30 Aug 2018 at 19:21

AndreiD said:
Isn't only ver1 the only one with any shown Javascript exploits? And that one is mitigated via software at OS level since all hardware is vulnerable. All of the others need physical access.
Basically if you're on an updated W10 or using the updated Google Chrome, you should be fine.

You should be fine? Everyone else not so much.

jigger · 30 Aug 2018 at 19:27

SiDeards73 said:
We had a major inquest into Specdown and how vulnerable we are (Global manufacturing FTSE 500 company) as a result we binned thousands of mobile phones that simply could not ever achieve acceptable levels of security, and have had to push to minimum versions of software, firmwares etc etc, its been a total nightmare. We have globally looked at moving more into the cloud which is kinda ironic given the nature of the exploits, and are looking hard at our data centre infrastructure and considering EPYC.

Yeah the situation is terrible. Who knows what the total cost of this mess will be.

Armageus · 30 Aug 2018 at 20:04

Thread cleaned - try and stay on topic please

robin66 · 30 Aug 2018 at 21:39

Armageus said:
Thread cleaned - try and stay on topic please

Thank God!