Microsoft has implemented Intel's advice to reverse the Specter 2 variant microcode patches.
Redmond released Saturday a rare off-cycle review on the weekend, to make the process possible.
Intel's first patch was so bad, it made many computers less stable, sending Linus Torvalds into a justifiable merger last week.
Chipzilla then removed the patch, but it made its way into a Microsoft fix, which the company pulled on Saturday.
"Our own experience is that system instability can in some circumstances cause data loss or corruption," writes Microsoft, adding, "We understand that Intel continues to investigate the potential impact of the current and current firmware version. encourages clients to review their recommendations to inform their decisions. "
This only applies to the Spectrum patch, Microsoft pointed out: "The application of this payload only specifically disables mitigation against CVE-2017-5715 - 'Branch Target Injection Vulnerability.'"
He noted that, as far as we know, nobody has changed the Specter 2 variant yet.
LinuxConf panel: embargo a "sh! T-show"
The manipulation of Specter and Meltdown was sharply criticized at LinuxConfAU last week in Sydney, Linux Foundation's technical advisory committee member Jonathan Corbet, complaining about the secrecy of events between the first private bug reports. January 2).
Instead of the disclosure processes used for most vulnerabilities, Corbet said, "This disclosure process was handled very differently," and no one explained why.
Corbet later added, "I would like the industry to stop all of this, so we can have the whole story and figure out how to do it better next time."
The developer Jess Frazelle said the disclosure could be improved by "not showing an absolute embargo", while Katie McLaughlin added that only the big cloud providers knew: "It seems like it's an exclusive club. do not know, and it's not really clear which lines should be informed. "
Sunday, 28 January 2018
Monday, 22 January 2018
Exclusive: U.S. sanctions curb Microsoft sales to hundreds of Russian firms
Two of Microsoft's official distributors in Russia have imposed restrictions on Microsoft software sales to more than 200 Russian companies following new US sanctions, according to reports distributed by distributors.
While US sanctions were aimed at regulating it, Russian distributors are showing that the more stringent restrictions that entered into force on November 28 are beginning to rage.
The new measures reduce the duration of loans that can be offered to Russian financial companies subject to sanctions on 14 days of 30 days and 60 days from 90 days for Russian energy companies on a list of US sanctions.
Previously, the restrictions related mainly to Western banks that lent to Russian companies, but with such short financing periods, large parts of companies that provide goods and services to Russian customers were afraid to also fall under the rules.
It is common in Russia that suppliers wait weeks or even months before they are paid after submitting their accounts for goods and services.
Some Western companies have been informed by lawyers that the US Treasury Department could, in theory, consider this as a financing in violation of sanctions, according to several people involved in the discussions.
One of Microsoft's two distributors, a Russian company named Merlion, said in its notification to partners that all sanctioned Microsoft licensing buyers must pay in tight deadlines, or even pay in advance in some cases.
The second distributor, RRC, said in his notification, as seen by Reuters, that "serious restrictions have been introduced" on orders from Microsoft by companies subject to US sanctions.
Merlion and the RRC called rules stemming from the new US sanction package - promulgated on August 2 for Russian involvement in Ukraine and cyber attacks - as the reason for further restrictions.
Merlion nor RRC answered questions from Reuters.
Microsoft said in a statement to Reuters: "Microsoft has a strong commitment to comply with legal requirements and has strong processes around the world to ensure that our partners also meet the requirements."
In response to questions from Reuters, a spokesperson from the US Treasury Department, which oversees enforcement of sanctions, referred to the published guidelines
The FACA (Foreign Abets Supervision Bureau) guidelines of the Treasury determine that US companies may enter into transactions with companies on the sanction list, provided that the payment conditions do not exceed the permitted duration of the loan.
"In the event that an American person is of the opinion that he / she can not receive full payment by the end of the relevant payment term, the US person must contact OFAC to determine whether a license or other authorization is required" .
"SECTORAL SANCTIONS"
The United States can impose a fine of $ 250,000 on offenders or double the amount of the transaction if it is larger. If offenders are found guilty of a deliberate offense, they can receive a fine of up to $ 1 million, or 20 years in prison, or both.
Microsoft did not answer Reuters' questions about whether it had initiated the restrictions introduced by two of its Russian distributors.
Microsoft mentions nine other official distributors of its main software products in Russia in the same category of partner companies as RRC and Merlion. A Softline declined to comment on whether it had introduced stricter payment rules. The others have not responded to Reuters requests for comments.
Reuters reported in October that software produced by Microsoft had been taken over by government agencies and companies in Russia and Crimea, despite sanctions that prevented US companies from doing business with them.
This case, and a number of similar reports reported by Reuters, revealed discrepancies between sanctions and their application.
The US government keeps two lists of companies that are subject to sanctions. Entities located in the United States are banned in virtually all forms of trade with companies included in the Nationalized Nationality Nationals (SDN) list of Washington.
A second list known as the sectoral penalty identification list (SSI) comprises 224 companies, mainly Russian companies, and their subsidiaries in the banking, energy and defense sectors, with financial constraints.
Among them are large Russian companies such as the oil giant Rosneft, natural gas producer Novatek and Sberbank, Russia's biggest money lender.
Although the credit rules for financial and energy companies have been tightened, the restrictions on the financing of Russian defense producers remained unchanged at 30 days, although new sanctions have tightened the penalties for violations.
While US sanctions were aimed at regulating it, Russian distributors are showing that the more stringent restrictions that entered into force on November 28 are beginning to rage.
The new measures reduce the duration of loans that can be offered to Russian financial companies subject to sanctions on 14 days of 30 days and 60 days from 90 days for Russian energy companies on a list of US sanctions.
Previously, the restrictions related mainly to Western banks that lent to Russian companies, but with such short financing periods, large parts of companies that provide goods and services to Russian customers were afraid to also fall under the rules.
It is common in Russia that suppliers wait weeks or even months before they are paid after submitting their accounts for goods and services.
Some Western companies have been informed by lawyers that the US Treasury Department could, in theory, consider this as a financing in violation of sanctions, according to several people involved in the discussions.
One of Microsoft's two distributors, a Russian company named Merlion, said in its notification to partners that all sanctioned Microsoft licensing buyers must pay in tight deadlines, or even pay in advance in some cases.
The second distributor, RRC, said in his notification, as seen by Reuters, that "serious restrictions have been introduced" on orders from Microsoft by companies subject to US sanctions.
Merlion and the RRC called rules stemming from the new US sanction package - promulgated on August 2 for Russian involvement in Ukraine and cyber attacks - as the reason for further restrictions.
Merlion nor RRC answered questions from Reuters.
Microsoft said in a statement to Reuters: "Microsoft has a strong commitment to comply with legal requirements and has strong processes around the world to ensure that our partners also meet the requirements."
In response to questions from Reuters, a spokesperson from the US Treasury Department, which oversees enforcement of sanctions, referred to the published guidelines
The FACA (Foreign Abets Supervision Bureau) guidelines of the Treasury determine that US companies may enter into transactions with companies on the sanction list, provided that the payment conditions do not exceed the permitted duration of the loan.
"In the event that an American person is of the opinion that he / she can not receive full payment by the end of the relevant payment term, the US person must contact OFAC to determine whether a license or other authorization is required" .
"SECTORAL SANCTIONS"
The United States can impose a fine of $ 250,000 on offenders or double the amount of the transaction if it is larger. If offenders are found guilty of a deliberate offense, they can receive a fine of up to $ 1 million, or 20 years in prison, or both.
Microsoft did not answer Reuters' questions about whether it had initiated the restrictions introduced by two of its Russian distributors.
Microsoft mentions nine other official distributors of its main software products in Russia in the same category of partner companies as RRC and Merlion. A Softline declined to comment on whether it had introduced stricter payment rules. The others have not responded to Reuters requests for comments.
Reuters reported in October that software produced by Microsoft had been taken over by government agencies and companies in Russia and Crimea, despite sanctions that prevented US companies from doing business with them.
This case, and a number of similar reports reported by Reuters, revealed discrepancies between sanctions and their application.
The US government keeps two lists of companies that are subject to sanctions. Entities located in the United States are banned in virtually all forms of trade with companies included in the Nationalized Nationality Nationals (SDN) list of Washington.
A second list known as the sectoral penalty identification list (SSI) comprises 224 companies, mainly Russian companies, and their subsidiaries in the banking, energy and defense sectors, with financial constraints.
Among them are large Russian companies such as the oil giant Rosneft, natural gas producer Novatek and Sberbank, Russia's biggest money lender.
Although the credit rules for financial and energy companies have been tightened, the restrictions on the financing of Russian defense producers remained unchanged at 30 days, although new sanctions have tightened the penalties for violations.
Monday, 15 January 2018
Microsoft has a master plan to change the world with a new line of super-thin, super-light PCs with cell service
When Microsoft released a new version of Surface Pro with an LTE cellular modem at the end of last year, it seemed a routine, long-awaited upgrade to Microsoft's flagship PC.
But at the Consumer Electronics Show (CES) in Las Vegas this year, Microsoft managers tell me that the Surface Pro with LTE is actually the first step towards a new future for the PC: a future where laptops have batteries of 20 hours, where you do not need a WiFi connection to connect - wherever you are.
Microsoft calls this "PC always connected" or "ACPC".
Terry Myerson, executive vice president of Microsoft's Windows and Devices Group, compares the rise of the CAAA with the massive upheaval that has occurred with the rise of cloud computing platforms such as Amazon Web Services. and Microsoft Azure.
"The network is going to the cloud, just like storage and computing," Myerson told Business Insider at CES.
In other words, Myerson suggests that cellular speeds become faster and faster, to the point where they can be faster for many people than WiFi connections at home or in the office. At this point, Myerson suggests, it would not even make sense to deal with WiFi - especially since the whole world is covered by the cellular signal.
And large PC manufacturers are coming for the ride. Last year, HP and Asus later announced ACPCs in 2018. And at CES this month, Lenovo announced the Miix 630 of $ 799, a lightweight ACPC with a Qualcomm ARM processor - not the processor Intel x86 has been powered by Windows machines for decades.
They will also face competition from Apple. The iPad Pro comes with an LTE modem and Apple sees the device as the future of the laptop. It means a battle between Microsoft and Apple for the future of the PC.
The big idea
Any PC that is still connected must meet a number of criteria, says Microsoft Vice President Matt Barlow.
The battery should last more than 13 hours with the battery and the usage time is "weeks" when not in use or in standby. It must have an LTE cellular modem. He must be thin and light. And it should use standard Windows 10 S, a version of the operating system that was released last year and that maximizes battery life and performance (with some compromises).
In short, the idea is that it is a PC that you can take anywhere. You do not have to worry about charging or finding a WiFi hotspot.
"[Always Connected PCs] brings together the best of mobile and the best of the Windows PC," says Barlow.
According to Barlow, this is in fact the lifetime of the battery, so many laptops can not be called ACPCs. A device can be thin and it can be lightweight, but if the battery life is not there, it will not cut the mustard.
The reason for the severity is that a device that meets all these criteria actually changes the way you use it, he says. You may not take a laptop with you when you are driving on the road because your battery might die and you may not be able to find Starbucks on the road to use Wi-Fi. But with a long battery life and continuous connectivity, you can be productive anywhere, he says.
"It changes where you pull it, where you would use it," Barlow said.
Promise and dangers
This is not the first time that Microsoft has walked this route. In 2012, Microsoft released the Surface RT tablet based on the ARM processor infrastructure. Although it does not offer mobile connectivity, the promise was similar: better battery life and solid performance in a slim, lightweight device.
It was a famous flop. Surface RT had a modified version of Windows called Windows RT, which could only run programs from the very limited Windows Store. There was literally no way to use a traditional Windows software designed for machines with Intel chips. In 2013, Microsoft has written off $ 900 million on Surface RT.
Microsoft CEO Erin Chapple tells us that her team has done a lot of technical work to ensure that this time is different.
Some ACPCs are powered by Intel processors and some, such as Lenovo, use ARM-based chips. But Microsoft has found a way that even ARM processors can run any Windows program, even those written with Intel. This means that ACCC users have access to all Windows software from the past and the present.
"I think we have shown that it is a different era and a different category," says Chapple.
Compromises and competition with Apple
The biggest consideration in CAAA is performance. Although these machines look great for your usual word processors, online chats and Netflix, the specifications are not really suitable for high-end gaming, video editing or any other CPU-intensive use.
"Connected PCs are in demand for users who need direct connectivity, the longest battery life, and are willing to sacrifice the ultimate performance," said Patrick Moorhead, Senior Analyst at Moor Insights & Strategy. .
It should also be noted that the same technology that makes older Windows software run on the ARM itself is CPU-intensive. This means that if you use ARM-based devices such as the Lenovo Miix 630, you may experience reduced performance when running certain software programs.
Chapple assures us that the difference is hardly noticeable in most real applications, depending on what you do. Games like "Minecraft" may work a bit slower than on another machine, she says, but if you use Microsoft Office or chat on Facebook, it will not make a big difference.
And finally, he has access to the vast world of Windows software, combined with the best features of tablets such as the iPad, which will make the difference, says Myerson. If you want something that helps you be productive with PC tools that you may already know, this is a Windows ACPC or a bust.
But at the Consumer Electronics Show (CES) in Las Vegas this year, Microsoft managers tell me that the Surface Pro with LTE is actually the first step towards a new future for the PC: a future where laptops have batteries of 20 hours, where you do not need a WiFi connection to connect - wherever you are.
Microsoft calls this "PC always connected" or "ACPC".
Terry Myerson, executive vice president of Microsoft's Windows and Devices Group, compares the rise of the CAAA with the massive upheaval that has occurred with the rise of cloud computing platforms such as Amazon Web Services. and Microsoft Azure.
"The network is going to the cloud, just like storage and computing," Myerson told Business Insider at CES.
In other words, Myerson suggests that cellular speeds become faster and faster, to the point where they can be faster for many people than WiFi connections at home or in the office. At this point, Myerson suggests, it would not even make sense to deal with WiFi - especially since the whole world is covered by the cellular signal.
And large PC manufacturers are coming for the ride. Last year, HP and Asus later announced ACPCs in 2018. And at CES this month, Lenovo announced the Miix 630 of $ 799, a lightweight ACPC with a Qualcomm ARM processor - not the processor Intel x86 has been powered by Windows machines for decades.
They will also face competition from Apple. The iPad Pro comes with an LTE modem and Apple sees the device as the future of the laptop. It means a battle between Microsoft and Apple for the future of the PC.
The big idea
Any PC that is still connected must meet a number of criteria, says Microsoft Vice President Matt Barlow.
The battery should last more than 13 hours with the battery and the usage time is "weeks" when not in use or in standby. It must have an LTE cellular modem. He must be thin and light. And it should use standard Windows 10 S, a version of the operating system that was released last year and that maximizes battery life and performance (with some compromises).
In short, the idea is that it is a PC that you can take anywhere. You do not have to worry about charging or finding a WiFi hotspot.
"[Always Connected PCs] brings together the best of mobile and the best of the Windows PC," says Barlow.
According to Barlow, this is in fact the lifetime of the battery, so many laptops can not be called ACPCs. A device can be thin and it can be lightweight, but if the battery life is not there, it will not cut the mustard.
The reason for the severity is that a device that meets all these criteria actually changes the way you use it, he says. You may not take a laptop with you when you are driving on the road because your battery might die and you may not be able to find Starbucks on the road to use Wi-Fi. But with a long battery life and continuous connectivity, you can be productive anywhere, he says.
"It changes where you pull it, where you would use it," Barlow said.
Promise and dangers
This is not the first time that Microsoft has walked this route. In 2012, Microsoft released the Surface RT tablet based on the ARM processor infrastructure. Although it does not offer mobile connectivity, the promise was similar: better battery life and solid performance in a slim, lightweight device.
It was a famous flop. Surface RT had a modified version of Windows called Windows RT, which could only run programs from the very limited Windows Store. There was literally no way to use a traditional Windows software designed for machines with Intel chips. In 2013, Microsoft has written off $ 900 million on Surface RT.
Microsoft CEO Erin Chapple tells us that her team has done a lot of technical work to ensure that this time is different.
Some ACPCs are powered by Intel processors and some, such as Lenovo, use ARM-based chips. But Microsoft has found a way that even ARM processors can run any Windows program, even those written with Intel. This means that ACCC users have access to all Windows software from the past and the present.
"I think we have shown that it is a different era and a different category," says Chapple.
Compromises and competition with Apple
The biggest consideration in CAAA is performance. Although these machines look great for your usual word processors, online chats and Netflix, the specifications are not really suitable for high-end gaming, video editing or any other CPU-intensive use.
"Connected PCs are in demand for users who need direct connectivity, the longest battery life, and are willing to sacrifice the ultimate performance," said Patrick Moorhead, Senior Analyst at Moor Insights & Strategy. .
It should also be noted that the same technology that makes older Windows software run on the ARM itself is CPU-intensive. This means that if you use ARM-based devices such as the Lenovo Miix 630, you may experience reduced performance when running certain software programs.
Chapple assures us that the difference is hardly noticeable in most real applications, depending on what you do. Games like "Minecraft" may work a bit slower than on another machine, she says, but if you use Microsoft Office or chat on Facebook, it will not make a big difference.
And finally, he has access to the vast world of Windows software, combined with the best features of tablets such as the iPad, which will make the difference, says Myerson. If you want something that helps you be productive with PC tools that you may already know, this is a Windows ACPC or a bust.
Thursday, 4 January 2018
Microsoft issues emergency Windows update for processor security bugs
Microsoft today releases a rare out-of-band security update for supported versions of Windows. The software update is part of a series of solutions that protect against a newly discovered processor error in Intel, AMD and ARM chipsets. Sources familiar with Microsoft projects tell The Verge that the company will release a Windows update that will automatically apply to Windows 10 machines today at 5:00 PM PT.
The update will also be available for earlier and compatible versions of Windows today, but systems running operating systems such as Windows 7 or Windows 8 will not be updated automatically through Windows Update until next Tuesday. Windows 10 will be updated automatically today.
While Microsoft is quickly fixing issues, patches will also be based on firmware updates from Intel, AMD, or other vendors being deployed. Some antivirus vendors will also need to update their software to work properly with the new patches, since the changes are related to kernel level access.
Firmware updates and hotfixes can slow down the execution of some systems. Sources familiar with the situation are telling The Verge that Skylake-based Intel processors or a newer architecture will not see any significant performance degradation. However, older processors could slow down more significantly due to firmware and software updates.
Intel says that any slowdown will depend on the workload, but the company has not explained how this will affect older machines. Microsoft is also planning to upgrade its cloud-based servers with the latest software and firmware patches, and these updates are in the process of being implemented.
The Verge understands that Google plans to document and disclose security breaches in processors at 5 pm. AND this day. The exact error seems to be related to how common applications and programs can discover the contents of protected areas in kernel memory. Operating system kernels have complete control over the entire system and link applications to the processor, memory and other hardware within a computer. There seems to be a flaw in modern processors that allow attackers to bypass kernel access protections so that regular applications can read the contents of kernel memory.
Software providers such as Microsoft and other Linux programmers protect this by separating the kernel memory from the user processes into what is called "kernel page table isolation". The Linux patches have been implemented in the last month and now Windows patches are in progress. available today.
Microsoft has confirmed the update of Windows in a statement:
The update will also be available for earlier and compatible versions of Windows today, but systems running operating systems such as Windows 7 or Windows 8 will not be updated automatically through Windows Update until next Tuesday. Windows 10 will be updated automatically today.
While Microsoft is quickly fixing issues, patches will also be based on firmware updates from Intel, AMD, or other vendors being deployed. Some antivirus vendors will also need to update their software to work properly with the new patches, since the changes are related to kernel level access.
Firmware updates and hotfixes can slow down the execution of some systems. Sources familiar with the situation are telling The Verge that Skylake-based Intel processors or a newer architecture will not see any significant performance degradation. However, older processors could slow down more significantly due to firmware and software updates.
Intel says that any slowdown will depend on the workload, but the company has not explained how this will affect older machines. Microsoft is also planning to upgrade its cloud-based servers with the latest software and firmware patches, and these updates are in the process of being implemented.
The Verge understands that Google plans to document and disclose security breaches in processors at 5 pm. AND this day. The exact error seems to be related to how common applications and programs can discover the contents of protected areas in kernel memory. Operating system kernels have complete control over the entire system and link applications to the processor, memory and other hardware within a computer. There seems to be a flaw in modern processors that allow attackers to bypass kernel access protections so that regular applications can read the contents of kernel memory.
Software providers such as Microsoft and other Linux programmers protect this by separating the kernel memory from the user processes into what is called "kernel page table isolation". The Linux patches have been implemented in the last month and now Windows patches are in progress. available today.
Microsoft has confirmed the update of Windows in a statement:
We are aware of this problem throughout the industry and have worked closely with chip manufacturers to develop and test mitigation measures to protect our customers. We are implementing mitigation measures for cloud services, and we have also released security updates to protect Windows clients from vulnerabilities affecting Intel, ARM, and AMD compatible hardware chips. We received no information that these vulnerabilities were used to attack our customers.
Subscribe to:
Posts (Atom)