• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0

InSpectre : GRC.com Spectre & Meltdown testing tool

Question

+warwagon    11,366

InSpectre

27933699889_eb3e9cb835_o.jpg

 

https://www.grc.com/dev/InSpectre.exe

 

Steve Gibson has recently created a new tool to run on a system to inform you whether or not a system is vulnerable to Meltdown or Spectre. At the moment it's in the testing phase, but it's getting closer to the final. You can still test it out.

 

 

  • Like 3

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0
+Mando    5,113
12 minutes ago, DevTech said:

Yeah sorry, I just got stupidly cranky.

 

What other options really exist when social factors create a giant consensual delusion and nobody tracks it out far enough to see the eventual consequences. When all that gets figured out in the end, however long that takes, the reality is that there will just be another set of patches to fix the mess caused by this set of patches...

 

no need to apologise buddy :) 

 

I do agree though, due to the press blowing it out of all proportion, its getting silly with some aspects, heck i was in an infosec call last week, and one very senior member of staff stated, its like Y2k all over again, all a storm in a T-cup...I had to bite my tongue as Y2k wasnt a major event due to all the pre-emptive work! They were happy knowing SEP claims to protect against the attack vector, so it was a non-starter...right because SEP never suffers from 0 day exposure and lack of protection....throw in their "eraser" engine update making a mess out of anything newer than W7 with the KBs installed.....you dont just put the SEP latch on the front door, but leave your inner lockable door wide open......

 

Belt N Braces, Belt n Braces!

  • Like 2

Share this post


Link to post
Share on other sites
  • 0
+warwagon    11,366
3 hours ago, Mando said:

Kudos to Kevin Beaumont for this matrix, its not mine. Lots of direct links to different vendors and patch status.

 

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

 

1

Can confirm Secureaplus which is not on that list is compatible. 

Share this post


Link to post
Share on other sites
  • 0
+goretsky    877

Hello,

 

The reason for making the patch "triggerable" (for lack of a better term) on Windows Server is because the changes made to the operating system to patch the Meltdown (CVE-2017-5754) vulnerability can greatly increase the time required to perform certain operations for which servers are often used.  Because of this, Microsoft has presented the IT and Security folks with a choice:  If they feel the system is well-secured, runs trusted code and is not used in a multi-tenancy scenario, they can omit the patch in exchange for maintaining performance.

 

Because the security posture of each enterprise is different, because servers can be used in so many roles, and because the performance impact of the patch can vary tremendously, Microsoft has given its customers the option to decide on which servers to enable patch functionality.

 

By the way, the researchers at ESET have been keeping track of security announcements, bulletins and notifications related to the Spectre (CVE-2017-5715, CVE-2017-5754) and Meltdown (CVE-2017-5754)  vulnerabilities and have identified 240+ so far.  Complete list at https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/#vendors

 

Regards,

 

Aryeh Goretsky

 

  • Like 3

Share this post


Link to post
Share on other sites
  • 0
SpeedyTheSnail    926

*Awaiting Microsoft to release a quality patch for Windows 7*.

 

/Doesn't hold breath because they want everybody on Win10.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.