InSpectre Meltdown and Spectre Check tool released by GRC

[HEXUS]

Gibson Research Corporation tool is quick and easy to understand. Includes patch toggles.

Read more.

[Firejack]

Handy little application. Will make it much easier checking the inevitable flood of friends/family PC's

[philehidiot]

Assembly? Wow, the authour should apply for a job with NASA. They're struggling to find people to send updated code / instructions in assembly to the Voyager probe as all the people who coded it are either dead or retired.

[DDY]

RIP headphone users.

[aniilv]

Vulnerable to spectre, no performance degradation - w10, 4790k
Can't imagine my super old but great b85 board will have any updates.

Vulnerable to spectre, with performance degradation - w7, i5 430m
Obviously since its a laptop, no bios updates.

What now?

[LSG501]

Vulnerable to spectre, no performance degradation - w10, 4790k
Can't imagine my super old but great b85 board will have any updates.

This is basically my situation although I'm using a z97 motherboard which hasn't had an update for over 2 years iirc and the cpu is 'end of line'.... yet the cpu is far from 'eol' in terms of performance and usability so I'm now needing to wait to see if we get updates made available by the motherboard manufacturer (asrock in my case) after Intel vowed they'll 'protect' cpu's from the last 5 years...

[shaithis]

If you have a UEFI motherboard and a Haswell/IB-E or newer intel chip, you can patch the new microcode into your BIOS yourself.

Intel hasn't released the older microcodes yet, not sure if they are going to either.

New microcodes are extractable from the new Linux microcode update and you can create a custom BIOS using "UEFI BIOS Updater"

[ik9000]

I have a glorious i7-870 and it is still fine for my needs. No chance of that getting a new microcode or mobo BIOS update from Asus though is there?

[LSG501]

If you have a UEFI motherboard and a Haswell/IB-E or newer intel chip, you can patch the new microcode into your BIOS yourself.

Intel hasn't released the older microcodes yet, not sure if they are going to either.

New microcodes are extractable from the new Linux microcode update and you can create a custom BIOS using "UEFI BIOS Updater"

so we might be able to but I'd rather not do something which has the potential to brick my motherboard...

[aidanjt]

Assembly? Wow, the authour should apply for a job with NASA. They're struggling to find people to send updated code / instructions in assembly to the Voyager probe as all the people who coded it are either dead or retired.

Sadly knowing assembly isn't enough, you also have to learn the probe's complete system architecture, and understand the existing codebase, and unsurprisingly, nobody is doing that.

[ohmaheid]

I'm vulnerable to both Meltdown AND Spectre. :-(( Looks like an AMD upgrade for me then.

[ohmaheid]

As an aside...I had no idea Gibson Research was still in business. I've rescued a fair few Hard -disks using Spinrite in the old days.
Well done Steve.

[cheesemp]

Looks like my old Gigabyte motherboard will never get the Spectre fix (GA-Z77-DS3H). That's rubbish - no cash to replace it. Guess I'll just have to hope it is hard to exploit on an updated OS+Browser. Thankfully I don't do anything serious on it.

[scaryjim]

Just checked the lenovo website and the updated BIOS for my work laptop has been up there for almost 2 weeks ... guess I should install that really

EDIT: welp, new BIOS installed but still vulnerable to Spectre, apparently. It only addressed one of the CVEs for that...

[Corky34]

Looks like my old Gigabyte motherboard will never get the Spectre fix (GA-Z77-DS3H). That's rubbish - no cash to replace it. Guess I'll just have to hope it is hard to exploit on an updated OS+Browser. Thankfully I don't do anything serious on it.

I'm in the same boat only with an even older motherboard, although, perhaps foolishly, I've disabled the Windows Meltdown protection as given the choice between less performance and (afaik) meltdown needing local access there's a near zero chance of that exploit effecting me, to be effected by Spectre would require (afaik) the same local access or myself running or visiting a malicious web site and from what i can tell my web browser protects against the latter so that just leave me being stupid enough to run malicious software.

[DanceswithUnix]

I'm in the same boat only with an even older motherboard, although, perhaps foolishly, I've disabled the Windows Meltdown protection as given the choice between less performance and (afaik) meltdown needing local access there's a near zero chance of that exploit effecting me, to be effected by Spectre would require (afaik) the same local access or myself running or visiting a malicious web site and from what i can tell my web browser protects against the latter so that just leave me being stupid enough to run malicious software.

Spectre requires a malicious advert to provide some javascript. You would hope an ad-blocker would fix that, but it feels delicate. There are supposed to be browser updates to fix it at very low performance penalty, but I don't know if those are out yet.

So far I am just deploying patches as they arrive and otherwise not worrying about it.

According to the spectre-meltdown-checker.sh I downloaded a while back this Linux box is protected against Meltdown now and it doesn't *feel* worse for it. But then I spend most of my time just checking stuff in VI rather than compiling or similar.

I gather Microsoft are relying on motherboard vendors to update microcode in the BIOS, hopefully Linux distros will provide the microcode update as this old MB is well past it's support date.