Results 1 to 8 of 8
  1. #1
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Another INTEL bug | ZombieLoad / Microarchitectural Data Sampling

    There have been quite a few variants since the original spectre / meltdown revelations, this one appears different yet equally severe. Details are of course still coming but atm there is little known besides Intel have aparently released CPU firmware updates. Which board vendors and what products are patched remains. Can Asus comment?


    For reference:

    CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
    CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
    CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
    CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

    These too affect SKUs going back decades.

  2. #2
    ROG Enthusiast Array pokuly PC Specs
    pokuly PC Specs
    MotherboardASUS PRIME Z370-A
    ProcessorSpectre inside i7 8700k
    Memory (part number)G.Skill Trident Z F4-3200C14D-32GTZSW
    Graphics Card #1EVGA GTX 970 SC
    MonitorASUS VN279QLB@75Hz
    CPU CoolerThermalright Macho
    Power SupplySuperflower 550W

    Join Date
    Feb 2018
    Reputation
    10
    Posts
    69

    Microsoft offers a microcode update patch also: https://support.microsoft.com/en-us/...rocode-updates
    Info how to check: https://www.zdnet.com/article/how-to...ndows-systems/

    Together with recent Win updates and the recent MS script it shows here:

    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : True

  3. #3
    ROG Enthusiast Array
    Join Date
    Apr 2016
    Reputation
    11
    Posts
    37

    This is the last straw. I'm done with Intel. Next build will be AMD.

  4. #4
    ROG Guru: Brown Belt Array MrAgapiGC PC Specs
    MrAgapiGC PC Specs
    MotherboardAsus Maximus XI Code
    Processor9900K
    Memory (part number)CMK32GX4M4B3600C18
    Graphics Card #1STRIX-GTX1080ti-O8G-GAMING
    MonitorAOC AGON AG2701QX (2)
    Storage #1Samsung 960 EVO 256GB
    Storage #2Kingston Savage 500GB
    CPU CoolerNzxt X74 360mm AIO
    CaseNzxt H700
    Power SupplyEVGA 850 G2
    Keyboard Logitech G810
    Mouse Asus Spartha
    Headset Hyper X Cloud Revolver S
    Mouse Pad Hyper X Fury S 900mx420mm
    Headset/Speakers Logitech Z337
    OS Windows 10 64btis
    Network RouterTpLink Archer C9
    Accessory #1 EKWB FANs all of them
    MrAgapiGC's Avatar
    Join Date
    Nov 2011
    Reputation
    12
    Posts
    1,408

    Mine

    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False

    That is bad?
    Learn, Play Enjoy!

  5. #5
    ROG Guru: Brown Belt Array MrAgapiGC PC Specs
    MrAgapiGC PC Specs
    MotherboardAsus Maximus XI Code
    Processor9900K
    Memory (part number)CMK32GX4M4B3600C18
    Graphics Card #1STRIX-GTX1080ti-O8G-GAMING
    MonitorAOC AGON AG2701QX (2)
    Storage #1Samsung 960 EVO 256GB
    Storage #2Kingston Savage 500GB
    CPU CoolerNzxt X74 360mm AIO
    CaseNzxt H700
    Power SupplyEVGA 850 G2
    Keyboard Logitech G810
    Mouse Asus Spartha
    Headset Hyper X Cloud Revolver S
    Mouse Pad Hyper X Fury S 900mx420mm
    Headset/Speakers Logitech Z337
    OS Windows 10 64btis
    Network RouterTpLink Archer C9
    Accessory #1 EKWB FANs all of them
    MrAgapiGC's Avatar
    Join Date
    Nov 2011
    Reputation
    12
    Posts
    1,408

    If i read all notes these is bad

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: False

    Speculation control settings for CVE-2018-3639 [speculative store bypass]

    Hardware is vulnerable to speculative store bypass: True
    Hardware support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is present: True
    Windows OS support for speculative store bypass disable is enabled system-wide: False

    Speculation control settings for CVE-2018-3620 [L1 terminal fault]

    Hardware is vulnerable to L1 terminal fault: False

    Speculation control settings for MDS [microarchitectural data sampling]

    Windows OS support for MDS mitigation is present: True
    Hardware is vulnerable to MDS: True
    Windows OS support for MDS mitigation is enabled: False

    Suggested actions

    * Follow the guidance for enabling Windows Client support for speculation control mitigations described in https://support.microsoft.com/help/4073119


    BTIHardwarePresent : True
    BTIWindowsSupportPresent : True
    BTIWindowsSupportEnabled : True
    BTIDisabledBySystemPolicy : False
    BTIDisabledByNoHardwareSupport : False
    BTIKernelRetpolineEnabled : False
    BTIKernelImportOptimizationEnabled : True
    KVAShadowRequired : False
    KVAShadowWindowsSupportPresent : True
    KVAShadowWindowsSupportEnabled : False
    KVAShadowPcidEnabled : False
    SSBDWindowsSupportPresent : True
    SSBDHardwareVulnerable : True
    SSBDHardwarePresent : True
    SSBDWindowsSupportEnabledSystemWide : False
    L1TFHardwareVulnerable : False
    L1TFWindowsSupportPresent : True
    L1TFWindowsSupportEnabled : False
    L1TFInvalidPteBit : 0
    L1DFlushSupported : True
    MDSWindowsSupportPresent : True
    MDSHardwareVulnerable : True
    MDSWindowsSupportEnabled : False
    Learn, Play Enjoy!

  6. #6
    ROG Member Array Grom0X's Avatar
    Join Date
    Feb 2019
    Reputation
    10
    Posts
    6

    Last edited by Grom0X; 05-16-2019 at 12:19 PM.

  7. #7
    ROG Guru: Brown Belt Array MrAgapiGC PC Specs
    MrAgapiGC PC Specs
    MotherboardAsus Maximus XI Code
    Processor9900K
    Memory (part number)CMK32GX4M4B3600C18
    Graphics Card #1STRIX-GTX1080ti-O8G-GAMING
    MonitorAOC AGON AG2701QX (2)
    Storage #1Samsung 960 EVO 256GB
    Storage #2Kingston Savage 500GB
    CPU CoolerNzxt X74 360mm AIO
    CaseNzxt H700
    Power SupplyEVGA 850 G2
    Keyboard Logitech G810
    Mouse Asus Spartha
    Headset Hyper X Cloud Revolver S
    Mouse Pad Hyper X Fury S 900mx420mm
    Headset/Speakers Logitech Z337
    OS Windows 10 64btis
    Network RouterTpLink Archer C9
    Accessory #1 EKWB FANs all of them
    MrAgapiGC's Avatar
    Join Date
    Nov 2011
    Reputation
    12
    Posts
    1,408

    that I can not undestant. But If i read my results, ASUS have to send another bios on supported models to make adjustemts. Since i am running NORMAL drivers from the board website, They have to send new drivers. I have like to the new ones, but MOST are not savy like us. most drivers are outdated and old.

    On my field, ROG board Z170/Z270 i recomend the use of new drivers ONLY on the post on those. These include Z370 and for the moment Z390.

    These has to be send to verification ASUS CORP so they can integrate on OFFICIAL drivers.

    On new board that have the ARMORY CRATE, PLEASE ASUS MAKE IT WORK. Or ditch it if the company have no plans to make it work since the only thing on my CODE XI that is usefull, is that i can track what is install to better read the current version on my stuff.

    Remember INTEL make these as a challenge, and paying for these, and a lot of cash.

    the best way is to be ready and Asus push Bios and drivers (special these last one)
    Learn, Play Enjoy!

  8. #8
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    18

    Appears Intel CPU's are vulnerable yet again, everything since 2012.

    https://labs.bitdefender.com/2019/08...s-instruction/

    https://www.amd.com/en/corporate/product-security

    One of the more damning thing about these is vendors claiming users need to update. While that is nice and semi accurate the unfortunate reality is those same vendors piggyback other changes onto their security updates. Microsoft for example.

    Security behind closed doors is no security at all. Fact that these get so little coverage even on "tech" sites is astounding.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •