InSpectre : GRC.com Spectre & Meltdown testing tool

[DevTech]

46 minutes ago, Mando said:

im finding matrixes like this invaluable to catalogue what fixes to kit under my remit will require, awaiting parents corp official response to addressing it, meanwhile im collating info to help myself when they do respond.

Yeah sorry, I just got stupidly cranky.

 

What other options really exist when social factors create a giant consensual delusion and nobody tracks it out far enough to see the eventual consequences. When all that gets figured out in the end, however long that takes, the reality is that there will just be another set of patches to fix the mess caused by this set of patches...

 

[Mando]

12 minutes ago, DevTech said:

Yeah sorry, I just got stupidly cranky.

 

What other options really exist when social factors create a giant consensual delusion and nobody tracks it out far enough to see the eventual consequences. When all that gets figured out in the end, however long that takes, the reality is that there will just be another set of patches to fix the mess caused by this set of patches...

 

no need to apologise buddy  

 

I do agree though, due to the press blowing it out of all proportion, its getting silly with some aspects, heck i was in an infosec call last week, and one very senior member of staff stated, its like Y2k all over again, all a storm in a T-cup...I had to bite my tongue as Y2k wasnt a major event due to all the pre-emptive work! They were happy knowing SEP claims to protect against the attack vector, so it was a non-starter...right because SEP never suffers from 0 day exposure and lack of protection....throw in their "eraser" engine update making a mess out of anything newer than W7 with the KBs installed.....you dont just put the SEP latch on the front door, but leave your inner lockable door wide open......

 

Belt N Braces, Belt n Braces!

[+Warwagon MVC]

3 hours ago, Mando said:

Kudos to Kevin Beaumont for this matrix, its not mine. Lots of direct links to different vendors and patch status.

 

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

 

1

Can confirm Secureaplus which is not on that list is compatible. 

[goretsky Supervisor]

Hello,

 

The reason for making the patch "triggerable" (for lack of a better term) on Windows Server is because the changes made to the operating system to patch the Meltdown (CVE-2017-5754) vulnerability can greatly increase the time required to perform certain operations for which servers are often used.  Because of this, Microsoft has presented the IT and Security folks with a choice:  If they feel the system is well-secured, runs trusted code and is not used in a multi-tenancy scenario, they can omit the patch in exchange for maintaining performance.

 

Because the security posture of each enterprise is different, because servers can be used in so many roles, and because the performance impact of the patch can vary tremendously, Microsoft has given its customers the option to decide on which servers to enable patch functionality.

 

By the way, the researchers at ESET have been keeping track of security announcements, bulletins and notifications related to the Spectre (CVE-2017-5715, CVE-2017-5754) and Meltdown (CVE-2017-5754)  vulnerabilities and have identified 240+ so far.  Complete list at https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/#vendors

 

Regards,

 

Aryeh Goretsky

 

[Gone]

*Awaiting Microsoft to release a quality patch for Windows 7*.

 

/Doesn't hold breath because they want everybody on Win10.