glnz Posted January 3, 2018 Author Share Posted January 3, 2018 I suppose this is off-topic. Maybe everything I know is off-topic. I watch GIveAwayOfTheDay, and this one might actually be useful. But will it work on XP? https://www.giveawayoftheday.com/spideroak-one-7-0-free-5gb-of-cloud-storage-lifetime-plan/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+giveawayoftheday%2Ffeed+(Giveaway+of+the+Day) Does anyone care to try? Link to comment Share on other sites More sharing options...
cc333 Posted January 3, 2018 Share Posted January 3, 2018 (edited) 24 minutes ago, FranceBB said: A new security flaw has been discovered; it affects CPUs and it's bad... like, really bad... "Details of the flaw and how it might be exploited are being kept strictly under wraps while programmers rush to redesign operating systems including Windows and Linux to work around the bug. Calcs executed by the CPU may not necessarily remain hidden between the Kernel, the HAL and the CPU itself and an attacker might be able to steal passwords or other key information from the kernel. Operating system vendors are making fairly significant changes to work around this issue. This is going to be one of the most complex security updates any OS vendor has ever had to deliver." Yes, I've been following that, as Macs are 100% affected as well as virtually *all* PCs (I use mainly Macs for day-to-day stuff). What a *great* way to start the new year, with a computer apocalypse!! Be that as it may, POS 2009 will likely see a fix for this, but since it's so big, will it work on plain XP? On the other hand, since it requires an almost complete rewrite of the kernel's address space handling, maybe MS will decide to EOL POS 2009 two years early? c Edited January 3, 2018 by cc333 Link to comment Share on other sites More sharing options...
SD73 Posted January 3, 2018 Share Posted January 3, 2018 1 hour ago, FranceBB said: A new security flaw has been discovered; it affects CPUs and it's bad... like, really bad... "Details of the flaw and how it might be exploited are being kept strictly under wraps while programmers rush to redesign operating systems including Windows and Linux to work around the bug. Calcs executed by the CPU may not necessarily remain hidden between the Kernel, the HAL and the CPU itself and an attacker might be able to steal passwords or other key information from the kernel. Operating system vendors are making fairly significant changes to work around this issue. This is going to be one of the most complex security updates any OS vendor has ever had to deliver." This is a big one. The only silver lining is AMD aren't affected and CPU's older than 10 years may not be either. My XP machine is in the secpmd category, but my other PC's are more recent Intels. It'll be interesting to see how this plays out. Link to comment Share on other sites More sharing options...
Mcinwwl Posted January 4, 2018 Share Posted January 4, 2018 New reports show AMD is also affected ^^ 'Other processors' are also suggested, which may mean some vendors providing hardware for industrial systems, that normal people never see. Or maybe vulnerability was exploitable on old Cyrix processor on Windows XP? Don't know. I suggest keeping tight to the news, as more and more details pop up, and major media most likely will end on quick note reprinting top google search (It ended this way with WannaCry). As for how does it affect XP and POSReady, we can expect M$ to drop patches on us during next Tuesday, and then we'll know. 2 Link to comment Share on other sites More sharing options...
Destro Posted January 4, 2018 Share Posted January 4, 2018 2 hours ago, Mcinwwl said: New reports show AMD is also affected ^^ 'Other processors' are also suggested, which may mean some vendors providing hardware for industrial systems, that normal people never see. Or maybe vulnerability was exploitable on old Cyrix processor on Windows XP? Don't know. I suggest keeping tight to the news, as more and more details pop up, and major media most likely will end on quick note reprinting top google search (It ended this way with WannaCry). As for how does it affect XP and POSReady, we can expect M$ to drop patches on us during next Tuesday, and then we'll know. AMD is officially not affected, but because they may implement a blanket fix there is speculation that the fix may slow down amd cpus as well even though they do not contain the bug. Link to comment Share on other sites More sharing options...
heinoganda Posted January 4, 2018 Share Posted January 4, 2018 (edited) On 2.1.2018 at 10:44 PM, Mcinwwl said: If you have goodlink for Avast offline install for 17.5.3585.0, paste it here, so lamers like me can have easy job. Starting with Avast version 17.4.3482.0, the offline installer only works with online connection on Windows XP and Vista. Here the network connection must be disconnected at the right time during the installation, otherwise the latest version of Avast will be updated. No easy venture! Avast is aware of the bugs that occur on Windows XP and is working on an update for version 17.9.3761.0! 3 hours ago, Mcinwwl said: New reports show AMD is also affected ^^ 'Other processors' are also suggested, which may mean some vendors providing hardware for industrial systems, that normal people never see. Or maybe vulnerability was exploitable on old Cyrix processor on Windows XP? Don't know. I suggest keeping tight to the news, as more and more details pop up, and major media most likely will end on quick note reprinting top google search (It ended this way with WannaCry). As for how does it affect XP and POSReady, we can expect M$ to drop patches on us during next Tuesday, and then we'll know. 1 hour ago, Destro said: AMD is officially not affected, but because they may implement a blanket fix there is speculation that the fix may slow down amd cpus as well even though they do not contain the bug. For Intel processors that include the virtualization feature VT x technology there is a vulnerability. Furthermore, according to Google, AMD (restricted) and ARM processors are vulnerable. There are two attack scenarios developed by security experts that were baptized Specter and Meltdown respectively. Edited January 4, 2018 by heinoganda Link to comment Share on other sites More sharing options...
Destro Posted January 4, 2018 Share Posted January 4, 2018 (edited) https://wccftech.com/intel-affected-by-critical-kernel-bug-amd-hit/ Edited January 4, 2018 by Destro Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted January 4, 2018 Share Posted January 4, 2018 https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/ Link to comment Share on other sites More sharing options...
Dave-H Posted January 4, 2018 Share Posted January 4, 2018 Just got the update on my Windows 10, which just uses the built-in Windows Defender. It will be interesting to see if we get another update in a weeks time when it should have been! No sign of anything for POSReady/XP as yet on Microsoft Update. Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted January 4, 2018 Share Posted January 4, 2018 The patch is not enough. My pc (W.10 Home): https://www.wilderssecurity.com/threads/kernel-memory-leaking-intel-processor-design-flaw-forces-linux-windows-redesign.399338/page-5#post-2729058 Link to comment Share on other sites More sharing options...
Dave-H Posted January 4, 2018 Share Posted January 4, 2018 Well I'm not holding my breath for any patches for my 2009 motherboard and processors! Link to comment Share on other sites More sharing options...
heinoganda Posted January 4, 2018 Share Posted January 4, 2018 Let's wait until the official patchday. For another, a BIOS update is needed depending on the hardware. Especially with older hardware, this could be a problem. There are some virus scanner issues with the custom kernel. On the other hand, not all gaps are closed with the current emergency patches. Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted January 4, 2018 Share Posted January 4, 2018 Waiting for the Firefox ESR patch to better enable: https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/ Link to comment Share on other sites More sharing options...
heinoganda Posted January 4, 2018 Share Posted January 4, 2018 Look at the electric garbage mountains grow. MS already sees the $ signs in front of the eyes. The stupid is once again the consumer. Who thinks about new hardware at this time, comes from the rain in the eaves. Update 01/05/2018: Have looked in my crystal ball, probably the following updates (based on the published updates for Server 2008 on January 3, 2018) will appear for POSReady: Available since 01/05/2018 KB4056941KB4056944KB4056942KB4056759 Available since 01/05/2018 KB4056615 (Kernel and NTFS file system update / CVE-2018-0748)KB4056568 (Cumulative security update for Internet Explorer) The beginning is done, the rest will probably be released no later than Tuesday! http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/12/windowsxp-kb4056941-x86-embedded-enu_24ebcc41e3f03048c25cf02d8d8ab6107479aabd.exe http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/12/windowsxp-kb4056615-x86-embedded-enu_2ce39329b6854ba3fb28eba1847a15a39c4709be.exe Link to comment Share on other sites More sharing options...
Sampei.Nihira Posted January 5, 2018 Share Posted January 5, 2018 (edited) Firefox ESR is already protected: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ Only in part? Will there be a need for a new version? Edited January 5, 2018 by Sampei.Nihira Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now