Intel makes Spectre fixes for Intel Kaby and Coffee Lake available
Click here to post a comment for Intel makes Spectre fixes for Intel Kaby and Coffee Lake available on our message forum
Koniakki
I'm on the v1.40(supposedly Spectre fix) for my Asrock Z370 Extreme4 since early when it was released, which of course it's not available anymore.
I contemplated downgrading my bios to v1.30 after the fiasco but didn't encounter any issues, so I chose to wait.
I hope they get it right this time.
Phill-7
Updated mb bios with the new microcode, got 20-40% performance drop in aida64 cpu tests. Rolled back to the previous bios. I prefer better performance more than these bloated exploit fixes.
Raider0001
I am still waiting for Skylake fix
RzrTrek
I think I will be holding on to my 1203 bios for a little while longer.
aka2k
People freak way too much with OS security. It's like a vampire: won't come in (mostly) if you don't invite. Just be careful with what you download and visit - even use a portable secure browser if you must go to some dark corner of the internet. Also use an adblock extension and you're golden.
Y0!
I have a pack of firmwares that Intel removed: microcode-20180108.tgz
Haswell and Ivy Bridge-E were the oldest CPUs that received an update in 2017. Ivy Bridge got its last update on 26 Feb 2015, Sandy Bridge-E - on 22 May 2012, Sandy Bridge - on 12 Jun 2013, and it was pretty funny to read about any issues of Sandy/Ivy Bridges with the newest firmware updates because there were not any firmware updates for them. And I bet that Intel will not release any firmware updates for the CPUs older than Haswell, just like they already did on 8 Jan 2018.
schmidtbag
You didn't lose performance due to bloat (microcode isn't that big). You lost performance because your hardware is no longer properly doing execution prediction like it used to. I wouldn't keep my hopes up that future patches are going to be better.
I think in most cases you're right, but from what I recall, these security flaws can be exploited remotely, and, can be exploited un-detected.
D3M1G0D
Then you should reapply the fix. Security should always trump performance. Always.
tunejunky
agreed, tho to be honest i was waiting on the learned feedback from you guys before applying fix to my i7-7700
Phill-7
I am sure you overestimate the risks in this case. As far as I know the exploits are very hard to be used on remote machine, and the hacking tools development based on them is very complicated. Maybe only corporate users should be worried. I don\t think anybody would burn hundreds of hours on development just to hack somebody's not VIP personal machine.
D3M1G0D
You could say the same about virtually every single exploit. "Who's going to bother hacking my little PC when there are big corporate users out there?" By that reasoning, regular consumers shouldn't ever bother with security patches. Also, by leaving your PC vulnerable you pose a potential threat to other devices that you are connected to (like herd immunity, it only works if everyone does it).
As I said, security always trumps performance. No exceptions.
nevcairiel
Skylake already got a fix in the first batch. And Skylake-X was added in this round. So whichever Skylake you got, you should be covered!
rl66
It has always been more easy to hack "not important small PC" than big company.
On big company you can hit the jackpot... but most of the time you get nothing.
On other hand with just easy plishing (you know, the hack where the "fail"used is the user lol) on thousand of computer you can earn ****Euro by month...
If you really want to go on the bad way... wich one would you chose to target?
So imagine with real "fail" in the system...
Thunk_It
Many thanks Hilbert for keeping all of us up to date on this issue!
xrodney
Spectre 2 harrd to exploit on Ryzen perhaps, but there was some days ago reported around 140+ Spectre&Metdown exploits/viruses in wild just during January if I remember correctly.
Ricepudding
No new updates showing for coffee lake right now, I assume the last one fixed it.
Currently using Asus hero X bio version 1003. Unless a new one is meant to come?
Raider0001
Well no, Meltdown was fixed by Windows update but the motherboard wasn't updated by MSI for the Spectre, I think MSI did not apply it because of lack of stability
slyphnier
i kinda curious why u guys care much about the this spectre and meltdown as personal user
i mean like it been published, the hole are only allow hacker spying on your rig, but they cant do anything whatsoever
i know some of you might concern about password etc. ... but again if you are hacker do u targeting personal user? say even u got/hacked someone pc, doesnt mean u getting their sensitive data either... well if i am hacker, i wont waste time like that... except i know the target is billionare or have tons of bitcoins
plus its not easy to bypass/remote from network, without specific program
making those program undetectable by antimalware/antivirus proggram will another things that hacker need to be done
well if the patch available and stable (not effecting performance etc.) of course i will install it
but otherwise, for me personally, i dont care much about the spectre+meltdown hole
fantaskarsef
Given your logic you never have to worry about IT security as a home user.
RealNC
So if I get your credit card info or your bank account logins, I can't do anything whatsoever? Wanna bet? 😛
Also, these exploits can serve as a middle step to enable other exploits.
