Over 1 million tech questions and answers.

Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

Q: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

Microsoft released a rare out-of-band security update to supported many versions of Windows. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilitiesDubbed ?Meltdown? and ?Spectre,? the flaws affect nearly every device made in the past 20 years, and could allow attackers to use JavaScript code running in a browser to access memory in the attacker?s process. That memory content could contain key strokes, passwords, and other valuable information. More InfoFor consumers, to keep Windows up to date is the first step but is mandatory to install applicable Firmware (BIOS) update provided by OEM device manufacturer. 1) Microsoft has released the following patches for Windows 10:KB4056892 (OS Build 16299.192)KB4056891 (OS Build 15063.850)KB4056890 (OS Build 14393.2007)KB4056888 (OS Build 10586.1356)KB4056893 (OS Build 10240.17738)(*) Verifying that protections are enabled Verification using the PowerShell, Lenovo Yoga 2 Pro (20266 / 80AY), Patches Installed2) Then I would like to know when Lenovo Yoga 2 Pro (20266 / 80AY) is going to receive a microcode fix (Firmware Update) to address Spectre and Meltdown security risks?Currently it isn't even listed under Lenovo Security Advisory LEN-18282Please support your costumers with a proper Firmware. Best Regards,

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 127.6

We own three dozens of Lenovo G series - G50, G70 with Windows x64 8.1. Under the Reading Privileged Memory with a Side Channellocated at>https://support.lenovo.com/au/en/solutions/len-18282Lenovo Security Advisory: LEN-18282Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels.Severity: High Scope of Impact: Industry-wide CVE Identifier: ?Spectre? CVE-2017-5753, CVE-2017-5715?Meltdown? CVE-2017-5754 Summary Description: such G Series seem not listed at all. Do you plan to release firmware upgrades for Meltdown & Spectre risks, please? The step #3 of the Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabil... requires 3. Apply the applicable firmware update that is provided by the device manufacturer. Windows Updates and January 2018 Windows security updates (step#2) are not enough, as your chat support wrongly suggested us. We are currently quite disappointed on reading about a lack of support for our laptops when the risks is at planetary level because of flawed CPUs design. Thank you for your support.

Read other answers
RELEVANCY SCORE 92.4

I have a homebuilt workstation using an Intel motherboard and an Intel Processor (Sandy Bridge Xeon and S1200BTL). Am I just...completely out of luck for updates to address Meltdown and Spectre because this didn't come from an OEM, or will Intel release updates for their own hardware?
 
Thanks folks

A:Meltdown/Spectre Firmware/Bios for Homebuilt PC

No, it will depend of the company that made your motherboard.
 
For example, I just had a look at ASUS, and they are releasing BIOS updates with microcode updates (released by Intel). https://www.asus.com/us/support/FAQ/1035291
But you could be out of luck, when your motherboard manufacturer doesn't release new BIOS updates.
 
Although your OS could also help. What OS do you run on your workstation, Windows or Linux?

Read other 1 answers
RELEVANCY SCORE 91.2

HelloI would like to install the O2TJY45USA firmware update for my Ideacentre 510-15IKL. I am running Linux Mint on the desktop. I could find the Windows10 updater .EXE on the pcsupport.lenovo.com website  so far. Does anybody knows if there is a bootable .ISO that I could use without Windows. The updater .EXE provided in the download package is called wflash2.exe which indicates that it is designed for the use with Windows10 and not FreeDOS or alike. Many thanks for your help

Read other answers
RELEVANCY SCORE 88.4

We own several Lenovo G series - G50, G70 with Windows x64 8.1. Under the Reading Privileged Memory with a Side Channellocated athttps://support.lenovo.com/au/en/solutions/len-18282Lenovo Security Advisory: LEN-18282Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels.Severity: HighScope of Impact: Industry-wide CVE Identifier: ?Spectre? CVE-2017-5753, CVE-2017-5715?Meltdown? CVE-2017-5754such G Series seem not listed at all and no Target availability or Link to Update. The step #3 of the Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabil... requires3. Apply the applicable firmware update that is provided by the device manufacturer. Windows Updates and January 2018 Windows security updates (step#2) are not enough, unfortunately. We are quite worried about the flawed Intel CPUs design and the implications of these security risks. Do you plan to release firmware upgrades for Meltdown & Spectre risks for the G Series, please? Thank you. Do you own a G Serie Laptop? Reply to this thread and click over I have this question too.

Read other answers
RELEVANCY SCORE 84.4

I can't apply Microsoft updates to address the Meltdown/Spectre vulnerabilities until there is an update to the BIOS software from Lenovo. I have reviewed the support page that lists models targeted for updates, and I don't see mine listed: https://support.lenovo.com/us/en/solutions/len-18282 This is my main personal laptop, which I use for a lot of important tasks. If I can't apply this critical security update then it's worthless to me. This is not a very old machine, I would expect there to be some acknowledgement of it on that support page, but as far as I can see only newer Yoga models are being targeted for firmware patches. Please advise whether Lenovo intends to address this issue on this model.

Read other answers
RELEVANCY SCORE 83.6

As I know, Intel already published microcode updates for all Haswell CPU's, including mobile. At least, ASUS support confirmed, that BIOS of all MB for Haswell will be updated. Updated microcodes for Linux are already available. What about BIOS update for the Yoga 2 Pro with i7-4500U? Thank you in advance.

Read other answers
RELEVANCY SCORE 83.6

It's almost 6 months now and lenovo has still not released a fix for the spectre/meltdown vulnarability. I paid good money for this laptop and with that, I expect good product support. Almost all the other laptops have received the patch, but Lenovo is taking too darn long. Dell has already released fixes for almost all of its laptops. At this point, I'm starting to regret my decision of buying this laptop. Either lenovo is severely understaffed or it simply does not care enough for its customers. Please don't tell me to watch the https://support.lenovo.com/us/en/solutions/LEN-18282 page because I check it everyday. This isn't the only area where lenovo has failed to provide adequate support for its products. They haven't updated their drivers in ages, thinking that their drivers are good enough. Well, as new Windows builds come along, there are more and more problems with the drivers as well, such as the display drivers. They need to update them. An update every 3-6 months would be greatly appreciated as well. Very bad after-sales support from lenovo. Feel free to reply/contradict my claims.....

Read other answers
RELEVANCY SCORE 83.6

Earlier today i Decided to give  Lenovo uk Tech support a call,  i want to know if my  ideapad Z580 was possibly on the vulnerable list for Meltdown & Spectre? Only to my complete astonishment the guy i spoke with said he had never even heard of Meltdown & Spectre, and had no idea what i was even talking aboutuntil he looked it up, then he just said to me  i wouldn't worry about it i were you,  W T F Lenovo.  So does anyone on here know if the ideapad Z580 is affected at all, I can't see it listed anywhere.   

Read other answers
RELEVANCY SCORE 82.8

Is there an estimate of when the BIOS update for the YOGA 910-131 KV 80VF notebooks, to address the Meltdown and Spectre security vulnerabilities, will be available?  Will a notification be pushed out to users with 910s, or do I need to keep checking for availability myself?  Thanks.

Read other answers
RELEVANCY SCORE 80

Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner.

Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer chips manufactured over the last 20 years.

Security researchers revealed three major variants of attacks in January 2018. The first two are referred to as Spectre, the third as Meltdown, and all three variants involve speculative execution of code to read what should have been protected memory and the use of subsequent side-channel-based attacks to infer the memory contents.

?Not all processors and software are vulnerable to the three variants in the same way, and the risk will vary based on the system?s exposure to running unknown and untrusted code,? said Neil MacDonald, vice president, distinguished analyst and Gartner fellow emeritus. ?The risk is real, but with a clear and pragmatic risk-based remediation plan, security and risk management leaders can provide business leaders with confidence that the marginal risk to the enterprise is manageable and is being addressed.?

Seven steps security leaders can take to mitigate risk
1. Modern operating systems (OSs) and hypervisors depend on structured, layered permission models to deliver security isolation and separation. Because this exploitable design i... Read more

Read other answers
RELEVANCY SCORE 79.2

Microsoft continues to work diligently with our industry partners to address the Spectre and Meltdown hardware-based vulnerabilities. Our top priority is clear: Help protect the safety and security of our customers? devices and data. Today, I?d like to provide an update on some of that work, including Windows security update availability for additional devices, our role in helping distribute available Intel firmware (microcode), and progress driving anti-virus compatibility.

Additional steps being taken to address Spectre and Meltdown vulnerabilities
Windows devices need both software and firmware updates to help protect them against these new vulnerabilities. Recently we added software coverage for x86 editions of Windows 10, and we continue to work to provide updates for other supported versions of Windows. You can find more information and a table of updated Windows editions in our Windows customer guidance article. We will update this documentation when new mitigations become available.

While firmware (microcode) security updates are not yet broadly available, Intel recently announced that they have completed their validations and started to release microcode for newer CPU platforms. Today, Microsoft will make available Intel microcode updates, initially for some Skylake devices running the most broadly installed version of Windows 10 ? the Windows 10 Fall Creators Update ? through the Microsoft Update Catalog, KB4090007. We will offer additional microcode upd... Read more

Read other answers
RELEVANCY SCORE 78.4

The program gives tips and tricks on how internet users can protect their system against attacks by local security holes

IT security manufacturer G DATA has released a free scanner that checks the system for the Meltdown and Spectre security holes. When they come across a hole, internet users are given tips on how to ward off the attack scenarios.
Meltdown and Spectre are the names of the PC vulnerabilities

The Meltdown and Spectre Scanner searching for vulnerabilities of the Computer
Computers protected with good IT security software are equipped to stave off cyberattacks from the Internet. A good antivirus product also protects scrupulously against offline attacks, such as infected USB sticks or other peripheral hardware connected to the computer. G DATA provides a free scanner that can be downloaded by users to keep them safe against the latest Meltdown and Spectre attack scenarios. But what exactly does the program do?

The scanner queries important computer parameters and settings, for example:
whether recent Microsoft updates are installed;
which computer processor is installed, and whether it is affected by the security holes;
which operating system is used on the computer;
whether safety-critical BIOS settings have been made;
whether a verified antivirus product compatible with the new Microsoft patch is installed.
After completing the test, the free scanner from G DATA gives tips on possible improvements. Internet users should therefore immediately apply the sp... Read more

A:Free G DATA scanner detects Meltdown and Spectre security holes

Faybert said:


The program gives tips and tricks on how internet users can protect their system against attacks by local security holes

IT security manufacturer G DATA has released a free scanner that checks the system for the Meltdown and Spectre security holes. When they come across a hole, internet users are given tips on how to ward off the attack scenarios.
Meltdown and Spectre are the names of the PC vulnerabilities

The Meltdown and Spectre Scanner searching for vulnerabilities of the Computer
Computers protected with good IT security software are equipped to stave off cyberattacks from the Internet. A good antivirus product also protects scrupulously against offline attacks, such as infected USB sticks or other peripheral hardware connected to the computer. G DATA provides a free scanner that can be downloaded by users to keep them safe against the latest Meltdown and Spectre attack scenarios. But what exactly does the program do?

The scanner queries important computer parameters and settings, for example:
whether recent Microsoft updates are installed;
which computer processor is installed, and whether it is affected by the security holes;
which operating system is used on the computer;
whether safety-critical BIOS settings have been made;
whether a verified antivirus product compatible with the new Microsoft patch is installed.
After completing the test, the free scanner from G DATA gives tips on possible improvements. Internet users should therefore im... Read more

Read other 0 answers
RELEVANCY SCORE 74.8

How to Make Sure Your PC is Safe from Meltdown and Spectre? 1) Read this Step-by-Step Guide2) InSpectre Tool Download Verification using the InSpectre, Lenovo Yoga 2 Pro (20266 / 80AY), All Microsoft Patches Installed NOTE: While Intel has now issued Firmware updates for CPUs introduced in the past 5 years, Lenovo Yoga 2 Pro (20266) - Intel Core i7 4500U Haswell with "only" 3 years old isn't even listed under Lenovo Security Advisory LEN-18282 (NO ETA FOR US) as detailed HERE. #Lenovo #FAIL Please Lenovo keep us safe supporting your costumers with a proper Firmware update ASAP.Best Regards, (*) Did this information help you today? Press the star on the left to thank with a KUDO!

Read other answers
RELEVANCY SCORE 65.2

Hi I don't see my laptop B50-80 on the list in: Lenovo Security Advisory: LEN-18282 (https://support.lenovo.com/se/pl/solutions/len-18282)Why? Does it means that there won't be a upgrade for this laptop?

Read other answers
RELEVANCY SCORE 65.2

Has anyone write step by step procedure to patch this issues yet ??
Those already done,,a little sharing are appreciated !!

Regards
azls73
 

Read other answers
RELEVANCY SCORE 65.2

Hi i dont know a lot about computers or the workings but with the scare of meltdown and spectre can we not get a new mother board and proccessos fitted in our old pc or is it not worth the faffing about and cost or what is the chance of little old me getting hacked just surfing the net not going on naughty sights like porn ect thanks . ps just by a new pc
 

A:Spectre and Meltdown

Chances of you being infected, and/or your data compromised with malware exploiting meltown and spectre vulnerabilities, are close to none.
Keep your software updated and don't be click happy. Stay safe!
 

Read other 0 answers
RELEVANCY SCORE 64.4

Hello people- I just heard about the security flaw out there called Spectre or meltdown-- My problem is this-- I am working on an older computer running Windows VISTA- yes you heard right-- My computer has never given me ANY problems- and I stand by the old motto- if it aint broke dont fix it. My memory has 8 GB and it is an HP-Intel core 2 quad cpu 2.33 GHZ- service pack 2 windows vista home premium.
Because I am running Vista- I can no longer get chrome updates- and thus when I try to do the software patch for this new problem- That strict isolation site - is not there and thus I cannot enable it- do you really think this is a problem- or not?? Please advise
P.S. My passwords are extremely strong for all of my important sites-if that matters?
 

Read other answers
RELEVANCY SCORE 64.4

I have Windows 10 version 1709 (Fall Creators Update) on my home desktop PC. I have just updated with 2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892). 
 
I have read the excellent and informative article How to Check if Your PC Is Protected Against Meltdown and Spectre by Chris Hoffman at How-To Geek. I ran this PowerShell script and after entering all of the commands my results are as follows:
 
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False (need BIOS update)
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
 
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimnization is enabled: False [not required for security]
 
Suggested actions
* Install BIOS/.firmware update provided by your device OEM that enables hardware support for the branch target injection... Read more

A:How to Know if I'm Protected Against Meltdown & Spectre

If you have the most recent version BIOS installed, then your BIOS is up to date. There is nothing more for you to do with BIOS for now.BIOS could care less and has no idea what version of Windows you are running. Windows does not load when you go into BIOS.I did not take the time to read all that stuff at How-To Geek.Why did you read and run all that stuff? Are you experiencing system problems?If you're not experiencing system problems, then I would ignore the output of the Powershell app.Yes, it is true that anti-virus apps can interfere with Windows Updates, but Avast Free Edition is not one that I generally see interfering. Usually, it is the Internet Security Suites with the 3rd party firewalls that wreak havoc with Windows Updates. The fact that you checked for Windows Updates and it said none were available means that all outstanding Windows Updates are installed.You have plenty of protection with Avast, Windows Firewall, Internet Modem Firewall and Windows 10 itself. You really don't need further protection.Regards. . .jcgriff2p.s. Just curious - what did they tell you at the How-To Geek forum?

Read other 11 answers
RELEVANCY SCORE 64.4

Hi everyone,
I currently own a Windows XP PC, which I occasionally use for web browsing. Are patches for Meltdown and Spectre vulnerabilities going to be issued for Windows XP, similar to the Wannacry Ransomware? I couldn't find any info about this online.
Regards,
iMacg3

A:Meltdown and Spectre patches?

Unsupported operating systems like XP won't be getting patches.
 
My operating system (OS) is not listed. When can I expect a fix to be released?

Addressing a hardware vulnerability with a software update presents significant challenges and mitigations for older operating systems and can require extensive architectural changes. We are continuing to work with affected chip manufacturers and investigating the best way to provide mitigations, which may be provided in a future update. Replacing older devices running these older operating systems should address the remaining risk along with updated antivirus software.
Note
 
Products currently out of both mainstream and extended support will not receive these OS updates. We recommend customers update to a supported OS version.
We will not be issuing updates for Windows Vista or Windows XP-based systems including WES 2009 and POSReady 2009.
 
 
Although Windows Vista and Windows XP-based systems are affected products, Microsoft is not issuing an update for them because the comprehensive architectural changes required would jeopardize system stability and cause application compatibility problems. We recommend that security-conscious customers upgrade to a newer supported operating system to keep pace with the changing security threat landscape and benefit from the more robust protections that newer operating systems provide.

 
https://support.microsoft.com/en-sg/help/4073757/protect-your-windows-d... Read more

Read other answers
RELEVANCY SCORE 64.4

Hi All

I'm sure you've all been following the news of Meltdown/Spectre.

I'm a (very satisfied) AppGuard user and was wondering if AppGuard can or does help with the issues we are facing with Meltdown/Spectre?

I know you need to install OS patches, firmware updates etc etc but in my case my PC is over 5yrs old and I highly doubt there will be any firmware/BIOS updates so can/will AppGuard help at all protect from these threats?
 

A:AppGuard + Spectre/Meltdown

As long as nothing with a code that tries to exploit meltdown/spectre runs on your system then you are protected. So if appguard or any anti exe, anti malware, antivius, srp, god himself stops the payload you are ptotected and if not you are not protected. Not going to go into details when it stops and when it doesn't because as a user you should already know that.
 

Read other 0 answers
RELEVANCY SCORE 64.4
RELEVANCY SCORE 64.4

Hello everybody, there is an offical Lenovo Advisory for Meltdown & Spectre in Combination with Lenovo Products:https://support.lenovo.com/de/de/solutions/len-18282 But i can't find information about my Lenovo Y50-70. Does anybody has further information?Do we will see an upgrade for our devices? Thanks in advancedGreatings from GermanyDaniel K.

Read other answers
RELEVANCY SCORE 63.6

Hey guys, and thanks for the help in advance!  Rather than hijack another's thread I will wreak my havoc here.
 
From what I just read (Thanks to Didier Stevens) I see that I have an older version of PowerShell, and that this Script won't work.  Here is my outcome.  I will go try to find the info on Updating Powershell, and then try the script again.  Any advice on that would be nice, if there is anything to avoid etc.  Hopefully this will also help others with this issue.

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> Install-Module SpeculationControl
The term 'Install-Module' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:15
+ Install-Module <<<< SpeculationControl
+ CategoryInfo : ObjectNotFound: (Install-Module:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32> get-host|Select-Object version

Version
-------
2.0
PS C:\Windows\system32>

I am a little confused about what this Script does?  Is it that not all CPU's are vulnerable?  My CPU does not have a current firmware update so it may be vulnerable at this time (though not to worried about it ATM) I have time to work on it now, so I'll try to move for... Read more

A:Meltdown and Spectre Powershell-Script Won't Run, Me Too!

You need to install the Windows Management Framework to update PowerShell.
Take a look at the table here to see which version is compatible with your Windows version:
 
https://docs.microsoft.com/en-us/powershell/wmf/readme

Read other 5 answers
RELEVANCY SCORE 63.6

Recently bought a new msi gt62vr 7re gaming laptop and I'm quite terrified about the news...What should I do?Should I even worry?
 

 
MSI has just released a new BIOS today with:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; ;; ;; MSI BIOS Release Notes ;; ;; ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
Model : MS-16L2 (KBL)
MKT Name : GT62VR 7RD / GT62VR 7RE ;****************************************************************************; New BIOS : E16L2IMS.30C
ROM CheckSum : 2FCDH
Release Date : 2018/1/9
 
;--------------------------- Description ------------------------------------;
 
Update CPU microcode.
 
 

 

 
But I'm honestly quite scared of doing it after going through the instructions...What should I do?
 

 
 
Do you think I should even bother and risk updating the BIOS?I'm kind of thinking that the risk that I break something is higher than the risk that I get hacked with the Spectre vulnerability...I've never ever updated BIOS and I'm unable to take my laptop to any technician because of my disability.

A:Meltdown/Spectre BIOS update

MSI has a BIOS update (version E16L2IMS.30C) which addresses the recently discovered security flaw in Intel. ARM, and AMD processors.  This was released on 01/09/2018.  Is this the update you are considering?
 
How did you become aware of this update?
 
It was recently announced that Intel (and other manufacturers)  has a large security problem with their CPUs.  The BIOS update offered by MSI addresses this issue, Microsoft has released a update to address this as well.
 
Updating the BIOS (also known as flashing the BIOS) was fraught with potential problems which left enthusiasts wary of updating.  It had become the accepted norm not to update the BIOS unless there was a hardware change which required a BIOS update to resolve the issue.  But as you have read above there are now more important reasons to update the BIOS.  It is easier to do now, but you need to have a firm understanding of the steps involved in the process.  Have you read through the instructions in the manual for this computer?

Read other 20 answers
RELEVANCY SCORE 63.6

Hello. Nice to meet you!
 
I have a serious dilemma! We all have heard about the two critical vulnerabilities were discovered in modern processors named “Meltdown” and “Spectre,” these processor chip vulnerabilities are found on personal computers, mobile devices, and in the cloud.
 
Now, my Lenovo ThinkPad T510 laptop PC that to this day runs great therefore I have no issues with it. I have no plans on upgrading to a new laptop. I have Windows 7 Pro SP1 installed and I was even figuring soon on upgrading my operating system to Windows 10 Pro ON THIS VERY PC!!!
 
So after hearing these two (2) critical vulnerabilities I checked with both Lenovo and Intel to see if there was a patch to update to secure my PC from these two (2) threats. I discovered NOT. Intel defers me to Lenovo as they are the maker and control the updates and such. I just discovered my PC was just outside the mainstream/extended support updates late this past year and now deemed EOL (End of Life).  
 
So without these important patches for my PC, I am now vulnerable with this PC! What can I do in order to assure malicious hackers using these two (2) design flaws do not compromise my PC without the patch fix(es)??? A good explanation is needed, please!
 
All I read online is “determine one’s vulnerabilities with running various tools” (I have done and found I am vulnerable.) and “how to patch instructions” one’s PC when ... Read more

A:How About Those Users That Can NOT Get Patches For Meltdown & Spectre?

If there are no patches there are no patches.  There is nothing to do in regard to either your OS if OS patches don't exist or BIOS/UEFI if those patches don't exist.
 
As to threat, one must always be aware that most hackers, except for those out to wreak havoc for "bragging rights" (and they're the minority), are targeting entities where either money can be extracted (ransomware) or some sort of major disruption can be had that the hacker desires.
 
Most individuals in this world are *extremely* unlikely to be the target of hacking in general.  There has to be some gain for the hacker and your PC or mine is generally not considered a payoff rich environment.
 
It is remotely possible that any one of us might be subject to attack due to these vulnerabilities.  It is not at all probable that any one of us will be if we're talking about our home PCs for personal use.

Read other answers
RELEVANCY SCORE 63.6

Security researchers have disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM Holdings.
One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. - Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix. - "Phones, PCs, everything are going to have some impact, but it'll vary from product to product," Intel CEO Brian Krzanich said yesterday. 

A:Meltdown & Spectre Vulnerability..Any known way to prevent this?

Operating systems have to be patched. Linux patches are out now, Windows is expected to be patched Update Tuesday next week.
 
Patches and other mitigations have been released for Server versions of Windows:
 
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s
 
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

Read other 34 answers
RELEVANCY SCORE 63.6

Hello. I am curious if the Flex 2 and 3 series are vulnerable to the Spectre/meltdown vulnerabilities. I came across a Lenovo article with all the models and did not see Flex 2 and 3. https://support.lenovo.com/us/en/solutions/len-18282

Read other answers
RELEVANCY SCORE 63.6

Desktop: Dell XPS 8700, Windows 10 Professional, 64 bit, version 1709.  Avast Premier, Malwarebytes 3 Premium, all software up to date.
Laptop: Dell Inspiron 5537, Windows 10 Home, 64 bit, version 1703 (1709 has not yet been offered to this machine).  Avast Premier, Malwarebytes 3 Premium, all software up to date.
Both machines on a home network (Desktop via Ethernet cable, Laptop via WiFi) behind a Linksys EA2700 router.  Laptop is also used "on the road" and as such logs in automatically, via WiFi, to the office networks of a very few water agencies when I work there.  It is never used on any public network.
 
After Windows updates last night and (for laptop only) this afternoon, Desktop shows Cumulative Update KB 4056892 for 1709, Laptop shows Cumulative Update KB 4056891 for 1703
 
Am I correct in understanding that these "hotfix" updates include Microsoft's software patches intended to block the Meltdown and Spectre vulnerabilities?
 
If so, what other preventive steps are appropriate here?  BIOS/UEFI updates?  Patches to other software?  What else?
 
To the best of my recollection, the firmware on these computers has not been touched since they were new.  The desktop originally had Windows 7 Pro installed, and was upgraded directly to Win 10.  The laptop originally had Windows 8 installed, and was upgraded first to 8.1 and from there to Win 10.  Both machines have been kept fully updated at all times.

A:Meltdown/Spectre protection status?

If you wish to know the exact purpose(s) for any given Microsoft patch see the Microsoft Update Catalog and search on the KB number without any space between the 'B' and the digit sequence.
 
I know that Microsoft has pushed out the Spectre & Meltdown OS Patches for Intel processor systems and some AMD processor based systems and I believe the numbers you give are those patches.
 
You will need to check the support pages for your machines at the manufacturer's website to see when they release BIOS updates.  Only a very select few have done so as of today.  I'm expecting the BIOS updates to roll out over a period of weeks.
 
By the way, given the length of time that 1709 has been out you would not be acting prematurely in going to the Microsoft Windows 10 Download Page and using the Update Now button to trigger the Update Assistant for your machine still running version 1703.

Read other 18 answers
RELEVANCY SCORE 63.6

Specs:
Acer Aspire M3985 (2012)
PSU: XFX 550W
Windows 8.1
GPU: NVIDIA GTX 1070
CPU: Intel Core i7 3770
12 GB RAM
Motherboard: Intel B75
 
So I've been getting freezes/crashes when I'm gaming. I made a thread here: https://www.bleepingcomputer.com/forums/t/666843/pc-freezing-when-gaming/
 
The user usasma recommended to me that I'd also post here.
 
I've updated my BIOS from Acer but they haven't rolled out a new one yet for the bug. What can I do more to know if I'm secure?

A:How to check if im secure against the Spectre/Meltdown bug?

You will have to wait for the firmware update for your BIOS/UEFI with the microcode for your CPU.

Read other 1 answers
RELEVANCY SCORE 63.6

Hello all,
I was trying to get some information about preventing Spectre and Meltdown in a company environment but unfortunately, there was not much information about it.
What I`m trying to understand is if I have completely patched servers including hardware firewall do I need to basically upgrade the firmware of every working station in the company in order to prevent intrusions?
And if any workstation has been compromised will that expose data stored or any servers?
I generally know how temporary files works still I was wondering if they can represent them self through the working station as a regular user?
I would be grateful for your thoughts on this.
Many thanks,
Andy 
 

Read other answers
RELEVANCY SCORE 63.6

BIOS updates for Meltdown and Spectre - any info on when they will be ready/released?

Read other answers
RELEVANCY SCORE 63.6

Which systems are still being patched with Windows Updates for Spectre/Meltdown?
For example, I have a AMD Athlon II X2 B24 Processor 3.00GHz system running Windows 7. Am I okay to just let Windows Update do its thing, or is Microsoft not addressing this issue for certain, older systems?

Thanks,

Read other answers
RELEVANCY SCORE 63.6

Hello! In our company we are using Lenovo T470s laptops and we want to prepare a plan to deploy the fix for Spectre and Meltdown, I'm following the official Lenovo website and checking for updated information https://support.lenovo.com/dk/en/solutions/len-18282 Can anyone tell me what would be the best sproach to centrally patch all your clients?My first thought is to use SCCM, but maybe Lenovo already has some tool of it's own that we could utilize? Like the Lenovo System Update tool, coult it be an option? Can it be controlled via scripting?Please let me know your reccomendations? P.S.Does the T 470s have any safety feature for BIOS if remote BIOS flash would go wrong?

Read other answers
RELEVANCY SCORE 63.6

Looking through the list of downloads for Spectre/Meltdown here: https://support.lenovo.com/us/en/product_security/len-17297I see nothing for the M715q. I assume it isn't safe from these issues is it? Will it be getting a fix anytime soon?

Read other answers
RELEVANCY SCORE 63.6

Based on Microsoft's TechNet here...
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
I need to add these 3 keys to my servers.  Do I need to add these to my servers that are Server 2012s or are the keys only for Server 2012 R2?

Read other answers
RELEVANCY SCORE 63.6

Hello everybody, there is an offical Lenovo Advisory for Meltdown & Spectre in Combination with Lenovo Products:https://support.lenovo.com/nl/en/solutions/len-18282 But i can't find information about my Lenovo G550. Does anybody has further information?Do we will see an upgrade for our devices?

Read other answers
RELEVANCY SCORE 63.2

i'm told by various other forums and newsletters that along with the Microsoft update - installed yesterday - we also need a BIOS update (from manufacturers) with some kind of code from Intel, to fix the above flaws in our CPUs.
i searched the Toshiba downloads and updates page and the only BIOS updates are from 2012.
any news on Toshiba releasing a solution for this?

Read other answers
RELEVANCY SCORE 63.2

Will there be BIOS updates for the T410 to address the Meltdown and Spectre vulnerabilities?

A:T410 BIOS updates for Meltdown and Spectre

Good day and welcome to the community.Please watch this page: https://support.lenovo.com/us/en/solutions/len-18282 for developing information.
 
As this topic is being addressed in the Security forum: https://forums.lenovo.com/t5/Security-Malware/bd-p/Security_Malware please search and engage discussion there.
 
This thread is now locked to avoid duplication, which only splinters discussions.
Regards.

Read other 1 answers