Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft AMD Security

Microsoft Pauses Rollout of Spectre and Meltdown Patches To AMD Systems (betanews.com) 100

Microsoft is suspending patches to guard against Meltdown and Spectre security threats for computers running AMD chipsets after complaints by AMD customers that the software updates froze their machines. From a report: The company is blaming AMD's failure to comply with "the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown." There's no word on when the patches will be fixed, but Microsoft says that it is working with AMD to address the problem.
This discussion has been archived. No new comments can be posted.

Microsoft Pauses Rollout of Spectre and Meltdown Patches To AMD Systems

Comments Filter:
  • by HalAtWork ( 926717 ) on Tuesday January 09, 2018 @09:50AM (#55893073)

    It seems like MS could have some sort of lab with various configurations of relatively recent hardware where they can test updates they deem ready for production.

    • by mwvdlee ( 775178 )

      It seems like a company such as MS would benefit greatly from having a unique hardware configuration for each employee.
      It might be a PITA for their deployment systems but then again, they're selling those too!

      • Speaking to users with multiple configs I'm surprised the insiders did not help catch this either

    • by thegarbz ( 1787294 ) on Tuesday January 09, 2018 @10:40AM (#55893445)

      It seems like MS could have some sort of lab with various configurations of relatively recent hardware where they can test updates they deem ready for production.

      They did. Today. Their beta testers found a bug and the rollout stopped. Just because their lab is the size of a planet doesn't change the fact that they are testing their high quality software releases.

  • Why Meldown? (Score:2, Insightful)

    The only commercially available chips susceptible to Meltdown are Intel chips. Why is a Meltdown patch being pused to AMD systems? They aren't affected.
    • The only commercially available chips susceptible to Meltdown are Intel chips. Why is a Meltdown patch being pused to AMD systems? They aren't affected.

      Incompetence.

      • Ah makes sense, seems to be contagious! Microsoft and Intel. What a team.
      • by Anonymous Coward

        AFAIK, the patch is intended to also partially mitigate Spectre, which does affect AMD processors.

        In any case, stop feeding that troll 110010001000.

      • Maintaining multiple kernels would confuse and potentially invalidate entire suites of compatibility tests. Picking and choosing which kernel to install at update is a risk, as would be testing other software for security, performance, and bugs with distinct runtime kernels running on distinct hardware. The list of issues grows the more you examine software validation for such a critical component as a kernel.

        • That's mostly how I understand it; it's just not practical yet to pick and choose. Better to cover all cases now and figure it out when we have time.

          From my understanding, it's not even incompetence that brought this about in the first place. Lack of foresight more than anything else. No one imagined trying an exploit like these until recently. Unless they have, but have been keeping it quiet, much like the Allies kept the cracking of Enigma quiet...

          • From my understanding, it's not even incompetence that brought this about in the first place. Lack of foresight more than anything else. No one imagined trying an exploit like these until recently. Unless they have, but have been
            keeping it quiet, much like the Allies kept the cracking of Enigma quiet...

            People did more than imagine. They wrote research papers on this very topic over a decade ago about the very thing the spectre ghost is holding in its hand.

            https://eprint.iacr.org/2006/2... [iacr.org]

          • > No one imagined trying an exploit like these until recently.

            I'm afraid that this is not true. I'm following an intriguing discussion of similar side-channel attacks on Multics systems on GE hardware in roughly 1970. It's not a new problem. I've been trying to explain repeatedly to some colleagues while reviewing these attacks that doing "speculative compilation" is very appealing at first glance, but the work involved in doing it is not free. Security risks and maintenance of the resources are critical

    • Re: Why Meldown? (Score:3, Interesting)

      by Anonymous Coward

      On the Linux side, didn't Intel supply much of the Meltdown mitigation, pushing it on all CPUs? And then AMD had to add a patch to exempt their processors?

      Wouldn't be surprised if Intel did a lot of the behind-the-scenes work for Microsoft here, and they just sort of accepted it without sufficient testing.

    • pay for by intel the same one who pay to may 1p epyc board be MIA. as well killing ryzen pro boards with IPMI.

    • by AvitarX ( 172628 )

      Because MS keeps only one current version of Windows for x86, so if computers with AMD processors are to be kept current the patch will need to be applied.

      • What? That doesn't make sense. Are you suggesting the Windows builds for AMD and Intel are binary equivalent?
        • by AvitarX ( 172628 )

          Yes, I assume that like Linux Distros, the official kernel is not CPU specific.

          I also assume this because I am running an Intel CPU on this computer, and my ntoskernl.exe comes from the folder "amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.850_none_013717dd1a7ed72f", I assume that if they kept different binaries, they wouldn't use AMD branding for the Intel binary, and just call it Intel x86-64 or some such.

          Do you have any reason to think otherwise?

        • One reason for binary equivalency would be that if I buy a new motherboard or new computer, I should be able to take the hard drive from my old PC and drop it into my new one. Now that's not to say that there might not be driver diffs, but they would presumably be self-contained modules, loadable at boot time.

    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Tuesday January 09, 2018 @10:17AM (#55893313)
      Comment removed based on user account deletion
      • by haruchai ( 17472 )

        "a bunch of garbage 945 chipsets with the "Vista Capable" fiasco"

        It was even worse than that. It was the entry-level 915 which couldn't paint a postage stamp in alternating black & white stripes to save its life.

        • by _merlin ( 160982 )

          The GMA950 was pretty bad. As well the performance being abysmal (sucking up RAM bandwidth from the already-starved CPU), it would cause kernel panics on and iBook running OSX when an external monitor was connected. They were terrible GPUs.

        • Comment removed based on user account deletion
    • Really what it comes down to, is that someone will be inconvenienced. Microsoft chose you, instead of themselves - they don't want to maintain two kernels for the same architecture and double all their QA test plans for basically forever.

      So the question you should ask yourself, is why you chose Microsoft.

      • by jwhyche ( 6192 )

        So the question you should ask yourself, is why you chose Microsoft.

        Because all the games and most of the software I want to run is Windows only. An none of the games have linux counterparts.

        Any other questions?

    • According to AMD, AMD is vulnerable to one variant of the attack, and possibly vulnerable to a second variant.

      http://www.amd.com/en/corporat... [amd.com]

  • AMD? (Score:5, Interesting)

    by Anonymous Coward on Tuesday January 09, 2018 @09:58AM (#55893149)

    So, the problem is that AMD failed to comply with the documentation for the Intel bug? Perhaps "failed to comply" is just MS-speak for "failed to implement the bug"...

    • by mOzone ( 1447147 )

      other then newest cpu's ...AMD cpus didn't change realy for 4+ years fx4300s-FX95XX not a huge secret to Microsoft ..AM3 motherboards and configs have to be known to them for 4+ years also ..Microsoft screwed up

  • Wintel at work.

  • Amazing the company that does it right and is not vulnerable to "Meltdown" in the first place is being actively punished for that fact.

You know you've landed gear-up when it takes full power to taxi.

Working...