Microsoft releases update to reverse problematic Spectre patch
Click here to post a comment for Microsoft releases update to reverse problematic Spectre patch on our message forum
Noisiv
Quick recap:
https://abload.de/img/screenshot2018-01-291e3sh7.png
Protection Class (1) - Subsequently Microcode Update Fixed Processors
A microcode update is applied, which brings new CPU commands, which provide extensive Specter protection (Meltdown is rendered harmless by means of an operating system update). The same costs a bit of performance (supposedly more with older CPUs than with newer ones), but can be made available in a relatively short time by the CPU developers and motherboard manufacturers. As a disadvantage, many older CPUs (despite the technical possibility) no longer receive such a fix because their support has been discontinued.
Protection class (2) - Factory-fixed by microcode update Processors
Here again, a microcode update is scheduled, which brings new CPU commands, which provide extensive Specter protection (Meltdown is thereby harmless by means of an operating system update) . The same costs a bit of performance (supposedly less on older processors than on older ones) and is mostly already in the delivery state, which is why the CPU manufacturers then talk about "meltdown / Specter-free processors", although there are actually no changes on real hardware Level has given. But this method can be applied to every newly emerging CPU generation and will probably be realized in the same way for all upcoming CPUs.
Protection class (3) - Meltdown / Specter-free CPU architectures
RealNC
Meanwhile, it seems Linux has opted to mitigate Spectre v2 at the compiler level ("retpoline") and not use the microcode, calling Intel's microcode "crap."
On my system:
(There's no mitigation for v1 by anyone yet.)
AFAICT from the LKML posts, the retpoline method is actually faster than using the microcode. Although it gets a bit confusing for non-kernel people like me to interpret the posts, so I could be wrong.
Berke53
My system is behaving erratically so I downloaded the KB4078130 update. I appears to be a small 25 kB executable. When opening it does ablosutly nothing. There is no installer popping up or something. Is this normal? How to install it properly?
Turanis
In short:
Enable and disable Spectre Variant 2 mitigation manually
Microsoft also provides the following registry settings for user who want to enable or disable the Spectre Variant 2 without deploying KB4078130 on their systems:
To enable Variant 2: CVE 2017-5715 "Branch Target Injection":
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f
To disable Variant 2: CVE 2017-5715"Branch Target Injection":
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f
KB4078130 isn’t shipped via Windows Update, and can only be downloaded for Windows 7, 8.1, and 10 from the Update Catalog here.
Alessio1989
Good.
Hopefully Microsoft will going to use the "retpoline" soluition.
mbk1969
Alessio1989
Sergio
https://i.imgur.com/5DgPcG7.png
https://i.imgur.com/xD8W0cc.png
It adds/alters 2 registry keys after executing, yes it is normal, no popups.
Go to Regedit >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management >
And check "FeatureSettingsOverride" and "FeatureSettingsOverrideMask" there and both should be "1" after KB execute.
I tested "FeatureSettingsOverride". Changed it to "0" and executed KB exe. It changed to "1".
mbk1969
By the way, Microsoft in its article about mitigations on client Windows wrote about registry values "FeatureSettingsOverride" and "FeatureSettingsOverrideMask" both equals to "3". Taking to account your info we can assume that value "1" is a mask for Spectre mitigation, and value "2" is a mask for Meltdown mitigation.
RealNC
BlueRay
So why Intel and MS didn't adopt Google's Retpoline solution which doesn't harm performance and works better?
What the hell those companies did all those months when they knew the vulnerabilities will go public but yet didn't deliver a stable fix and now we have all those problematic fixes which do more harm than good?
I opted out of those silly patches for now. I didn't flash the microcode BIOS and I don't plan to do so until I will be sure those fixes are working and do not cause issues. Not to mention the botched performance everywhere. I'm glad I didn't jump on the danger-panic wagon so soon. The fixes were rushed out very amateurishly .
mbk1969
TheDeeGee
No reboots here, then again i'm on 1703 still.
demented brave
I am still using an ivy bridge 3570k. Doesn't look like there will be much done for older CPUs. I was really considering getting a 8700k but this spectre mess along with the crazy memory prices, guess I'll probably hold out a bit longer.
RzrTrek
I uninstalled kb4056892 a few days ago (kept coming back when I restart) but thankfully this band aid mad it less painful.
RealNC
fOrTy_7
Great, just yesterday I updated my Win 8.1 with all the Meltdown/Spectre patches thinking they sorted out all this mess by now. Guess I was wrong.
Anyway this new 'critical' patch doesn't do $hit to my system. I had to manually add those registry keys and reboot the system.
Not working 'critical' path for a not working 'critical' patch . It's getting better and better. I'm glad I'm still on Win 8.1 and can decide when to update my system in situations like this.
waltc3
The whole thing reminds me of "net neutrality"--a complex, repressive solution in search of real and authentic problems that may or may not ever exist, but for a fact do not currently exist at all. We seem to be getting dumber these days.
Rich_Guy
Nothing to do with this one https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897 ?, as ive got this one on, and all fine.
EDIT: Ahh, its for those who who experience restart/reboot problems.
JamesSneed