I didn't say _I_ believed them. :-) I think all of these are gonna get hit this month. Already script kiddies on twitter showing they've figured it out...

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Wednesday, January 3, 2018 10:42 PM
To: ntsysadm
Subject: Re: [NTSysADM] Oh, this one really hurts...

Close to zero? Any bets on when this year someone publishes a PoC?

Kurt

On Wed, Jan 3, 2018 at 7:25 PM, Michael B. Smith <mich...@smithcons.com> wrote:
> Win10 (and Server 1709) patch is out:
> https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
>
> Note that it only installs if the A/V vendor has updated their engine! (Or
> you are using Windows Defender.)
>
> There are 3 bugs according to Google. AMD is vulnerable to only one of them
> and AMD says that the chances of that bug being hit are close to zero.
>
> -----Original Message-----
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
> On Behalf Of Kurt Buff
> Sent: Wednesday, January 3, 2018 8:12 PM
> To: ntsysadm
> Subject: Re: [NTSysADM] Oh, this one really hurts...
>
> No, it's not trivial. And I have to believe it's going to be cloud
> providers who are hardest hit, initially.
>
> First, MSFT is releasing a patch for Win10 today:
> https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix
>
> Second, it's not just Intel - it seems to also affect AMD and ARM64:
> https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
>
> But AMD says it's not vulnerable:
> https://lkml.org/lkml/2017/12/27/2
>
> And, now it's *two* bugs, not just one:
> https://meltdownattack.com/
>
> And lastly, these flaws, along with this:
> https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
>
> make me more leery than ever of cloud services...
>
> Kurt
>
> On Wed, Jan 3, 2018 at 4:39 PM, Mark Gottschalk <mgo...@2roads.com> wrote:
>> "...The effects are still being benchmarked, however we're looking at a
>> ballpark figure of five to 30 per cent slow down, depending on the task and
>> the processor model..."
>>
>> PostgreSQL: 10%-23% slowdown.
>>
>> Wow. That is not trivial.
>>
>> From: Kurt Buff <kurt.b...@gmail.com>
>> To: ntsysadm <NTSysADM@lists.myitforum.com>, Patch Management Mailing
>> List <patchmanagem...@listserv.patchmanagement.org>
>> Date: 01/02/2018 06:59 PM
>> Subject: [NTSysADM] Oh, this one really hurts...
>> Sent by: <listsad...@lists.myitforum.com>
>> ________________________________
>>
>> "A fundamental design flaw in Intel's processor chips has forced a
>> significant redesign of the Linux and Windows kernels to defang the
>> chip-level security bug."
>>
>> http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/