Newly discovered CPU bug may cause processor performance issues.

It's a very complicated issue. The short of it - we likely won't be impacted, the functions that could be slowed with any future patching are not the types of instructions our computers need/use.

If the computer is offline as suggested, then it's a non-issue. If you're online then you need to be patched as soon as it's available.
 
I think the thing we don't know is whether, for us folks that are probably fairly dependent on processor speed than the average, the "cure" will be worse for us than taking our chances.

To be clear, you cannot be harmed by this flaw unless you install and run software on your computer that knows how to exploit it. And, nobody knows of any exploits in the wild, yet.

So, never download anything new, and you have nothing to worry about. Only purchasing/installing licensed software that does not require bypassing security checks to install probably is 99.9% risk free (WAG) as well, so I'm not going to skip an [authentic] update to software I use regularly.

If you grab every link to a new game that is flashed in front of you on Facebook, well, you probably already have crap on your computer. (And, no, you're not welcome to connect to my home network...)

I will probably accept the OSX security update on my MacBook, assuming it doesn't require an update to High Sierra, and evaluate it with some projects from my Mini, and if it seems to not impact anything negatively, then I'll go ahead and install it there, too. (But, I will wait until after my next live-tracking gig that will need all 12 tracks to record smoothly. I'm not crazy!)
 
To be clear, you cannot be harmed by this flaw unless you install and run software on your computer that knows how to exploit it. And, nobody knows of any exploits in the wild, yet.

Well...apparently there's more to it than that. It seems that in many processors (Intel and AMD) there was designed some sort of sub-system, that was always "on" and that it maintained its own network connection, even when the computer was powered off, but still connected.
Some are calling it an intentional "back door" put there by the designers, but they argue that it was never meant to be used without permission by the users...etc.
So it appears THIS is now what has the potential to be exploited...and then a hacker could always view what is in memory. Apparently they couldn't steal, change or delete anything...just view it, so passwords or secrets could be revealed.

The fix to the OS and the firmware is supposed to solve that, but it brings with it some "potential" for a processor speed reduction...which may only really affect some systems and some processes. So the cure may be worse than the sickness...but right now no one really knows what's what for sure.
Microsoft is apparently already pushing the OS patches...so if you have your updates set to auto...you will get them at some point.
The processor firmware patches you have to find, download and run manually...and you need to do that if it matter to you. The firmware patches won't/can't be "pushed" out remotely.

I'm not in the least bit concerned about my online computers...and my DAW is and always has been running offline.
My online computer processors show as one the "vulnerable" ones...so I'm waiting for Dell to kick out the firmware for my processor/computer model in the next week or two....and then I'll probably let the MS patches run too. My online computers are only used for net surfing and basic crap...so I would rather have them protected even if there some minute processing speed hit. The DAW will remain offline....forever. :D

Here's more info:
Intel Management Engine - Wikipedia
 
Yup...already posted that earlier in the thread. :)
I was just trying to clarify that this might-slowdown-your-OS patch is to address a vulnerability that is NOT the same as the IME one. This new one does require something to be installed/running on your computer to exploit.

Of course, if you have an unaddressed IME (I = Intel, i.e., only Intel CPUs, mostly commercial or newer consumer ones) vulnerability, you need to look at taking care of both on your Intel systems, but not AMD or any kind of mobile platform processor.

(P.S. My old Macs do not have the IME vulnerability.)
 
Last edited:
I was just trying to clarify that this might-slowdown-your-OS patch is to address a vulnerability that is NOT the same as the IME one.

Mmm...there may be two things here...but they seem to be connected, and from what I've read you need to do them both to remedy the two (Meltdown and Specter) bugs.
IOW...the MS patching info does state that you need to also do the processor firmware update.

Recommended actions

Customers must take the following actions to help protect against the vulnerabilities.
1.Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
2.Apply all available Windows operating system updates, including the January 2018 Windows security updates.
3.Apply the applicable firmware update that is provided by the device manufacturer.

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

At any rate...it might not be all that much of an issue. Someone over on GS did some DAW tests post patching/update...and didn't see any processing speed loss. So DAW apps might fall into the "average/typical" desktop operations that are not going to be speed-zapped. :)
Of course...this is still to early to tell 100%.
 
Back
Top