Latest info on Spectre and Meltdown..

courtesy LXF newsdesk.

"...According to a timeline posted on The Verge (http://bit.ly/verge-spectre), Gruss, Lipp, Schwarz and Mangard discovered the fault late 2017, and on 3 December 2017 they had created a workable exploit for what would be called Meltdown, and contacted Intel. Intel already knew about the issue, but asked the team to keep quiet. It wasn't until the beginning of January 2018 that both the Spectre and Meltdown flaws were made public. ...

... The scale of the problem soon became apparent when it was revealed that all Intel CPUs with out-of-order execution since 1995 were potentially affected, apart from Intel Itanium microprocessors and pre-2013 Atoms. No AMD processors are affected by Meltdown and only certain very new ARM processors are (https://developer.arm.com/support/security- update)

... Apple was hesitant to reveal that its devices were at risk (its own ARM processor are affected), but it released MacOS 10.13.2 and iOS 11.2, which contain mitigations. For more details on Meltdown you can read the whitepaper at https://meltdownattack.com/meltdown.pdf.

[spectre] ... software patches for browsers and operating systems have been released that contain mitigations (because any attack using Spectre could likely use JavaScript). [https://spectreattack.com/spectre.pdf.

...make sure your devices are patched and up to date, and that any patches are from trusted sources. Malwarebytes discovered a fake Meltdown and Spectre patch that deposits 'smoke loader' malware on the victim's Windos machine - read more at http://bit.ly/smoke-loaders."

Microsoft to distribute Intel code for Spectre malware

https://www.theinquirer.net/inquirer/news/3027690/microsoft-will-help-to-distribute-intels-spectre-mitigating-firmware-updates

Hi, just found a useful blog and links to manual installation of MS patches and notice of the roll-up to Windows 7 SP1 due out on 1.4.2018 and links to Bleeping Computer site:

https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help#windows-updates

It also covers MacOS and GNU/Linux.

There is also useful link on how to enable First-Party-isolation in Firefox but you need to test against any sites you have passwords for that enabling may cause issues with:

https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/

Just when you thought Microsoft had nailed it:

https://www.theregister.co.uk/2018/04/03/microsoft_windows_meltdown_patch_saga/

Of note is the network kaibosh as a further issue with the patch/es! [see end of article]!

Just when you thought Microsoft had nailed it:

 

 

:

Meltdown & Spectre are probably just a minor issue for M$, the technical media reckon Windows 10 Version 1803 will be rolled-out around 10 April,

so make sure you have your data backed up.

Just when you thought Microsoft had nailed it:

 

https://www.theregister.co.uk/2018/04/03/microsoft_windows_meltdown_patch_saga/

 

Of note is the network kaibosh as a further issue with the patch/es! [see end of article]!

The info with patch 4099950 mentions that it should be applied BEFORE 4088875 ( Windows 7 ) .

Patch 4088875 needs patch 4100480 applying to prevent a priviledge escalation bug.

So sequence appears to be uninstall 4100480 then uninstall 4088875.

Then apply 4099950, re-apply 4088875 re-apply 4100480.

Easy ! , only 4088875 won't re-appear in the patch list after it's been removed !

I'm glad I've only got a couple of PC's to patch. The tech blokes at my Uni will probably need therapy after sorting this mess out on several thousand machines...