GRC Releases Test Tool – Spectre and Meltdown Vulnerabilities

Ron Czapala

https://leeneubecker.com/grc-releases-test-tool-spectre-and-meltdown-vulnerabilities/

Gibson Research Corporation released a wonderful test tool that will help you to determine if your workplace or home computer is properly secured against Intel microprocessor vulnerabilities (Spectre & Meltdown) that I have been harping about for the last year. See related posts..

I encourage everyone to download the tool from their website and run the tool to see if your computer is vulnerable. If so, patching of your computers isn’t happening shortly after Microsoft’s monthly release of their security updates. This month, Microsoft rush the release of some of their updates given the severity of the current vulnerabilities fully disclosed to the public.

You may download the tool from https://www.grc.com/inspectre.htm (Make sure you see the green locked bar in your browser when you are downloading. Microsoft Internet Explorer users may receive a false warning about this site having malware. That is a misclassification largely relating to the IT security tools GRC has on its websites.

You may get a notice that says Meltdown is patched but your computer is still vulnerable to Spectre. If you get that message, scroll down to see if it says you at least have operating system protection. Ideally you will have protection applied both at the Operating system level (Windows) and within your hardware’s firmware. Some hardware makers have yet to release firmware updates for motherboards to patch the flaw on the chip. Operating system protection provides some level of mitigation...

https://grc.com/inspectre.htm

Heater.

I thought you were writing that Ron, but it's all a quote from the linked article.

I don't see how the author could have been "harping" on about theses vulnerabilities for the last year. They were not know until Christmas 2017.

I'm inclined to not download any random executables from sites I have never heard of on the advice of someone that sounds like a scharlatan.

Ron Czapala

Gibson research is actually a well known, respected website. Their ShieldsUp test is great for testing for open ports, etc - I've used it for years...

PS - I edited my original post to put the text in quotes ...

Ron Czapala

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/

Facts About the New Security Research Findings and Intel® Products

On January 3, 2018 a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.

Intel is committed to product and customer security and to coordinated disclosure. We worked closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to mitigate this issue promptly and constructively.

Intel microcode revision guidance april 2 2018

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

Heater.

Ah, OK. I would not know. Only been living in the Windows world for 18 months.

Port scanning is something one does with nmap isn't it?

Ron Czapala

Heater. wrote: »

Ah, OK. I would not know. Only been living in the Windows world for 18 months.

Port scanning is something one does with nmap isn't it?

Not familiar with nmap but it sounds similar. Gibson Research test is web-based so it tries to access your ports and tells you about vulnerabilities...

---

Check the "InSpectre in the News" section at https://www.grc.com/inspectre.htm
PC World, Windows Central, etc mention the GRC InSpectre tool

Heater.

News just in: Intel will never fix some of its old processors microcode for Spectre and/or Meltdown:

https://www.bleepingcomputer.com/news/hardware/intel-reveals-some-cpu-models-will-never-receive-microcode-updates/