Aspire VN7-592G - Spectre BIOS Update

bl3h
bl3h Member Posts: 3 New User
edited November 2023 in 2018 Archives
Hi !
I checked the Notebook models listed on "Meltdown and Spectre Security Vulnerabilities" at https://us.answers.acer.com/app/answers/detail/a_id/53104 ,  and I can see that there is a BIOS update planned for Aspire VN7-593G, but nothing about Aspire VN7-592G.

Is it the same BIOS ? Can I install it when available ?
Or:
Do I have to patch manually with standalone patches and registry fixes available at https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates ?
Thank you by advance!

Best Answers

  • JackE
    JackE ACE Posts: 44,330 Trailblazer
    Answer ✓
    The only authorised 592G updates that address any vulnerabilities will appear on the ACER driver website if required. Jack E/NJ

    Jack E/NJ

  • bl3h
    bl3h Member Posts: 3 New User
    Answer ✓
    As I do not expect any BIOS update fixing Spectre v2 vulnerability for my ACER Aspire VN7-592G, I decided to go ahead and patch manually (and successfully) with the standalone patch KB4090007 (not available in Windows Update) made by Intel and distributed by Microsoft.

    This is what I did:

    1- Create a restoration point or backup your registry before following the steps below.

    2- Read the documentation: https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

    3- Download the 64bit (x64-based Systems) patch from microsoft catalogue: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4090007

    4- Close programs, disable antivirus and install the patch.

    5- Reboot.

    6- Verify if you are protected using PowerShell (run as administrator), with the following commands:
    PS C:\WINDOWS\system32> <b>Install-Module SpeculationControl</b><br>PS C:\WINDOWS\system32> <b>$SaveExecutionPolicy = Get-ExecutionPolicy</b><br>PS C:\WINDOWS\system32> <b>Set-ExecutionPolicy RemoteSigned -Scope Currentuser</b><br>PS C:\WINDOWS\system32> <b>Import-Module SpeculationControl</b><br>PS C:\WINDOWS\system32> <b>Get-SpeculationControlSettings</b>It should display something like this:

    <p><span>Speculation control settings for CVE-2017-5715 [branch target injection]<br></span><span>Hardware support for branch target injection mitigation is present: True<br></span><span>Windows OS support for branch target injection mitigation is present: True<br></span>Windows OS support for branch target injection mitigation is enabled: True
    <span>
    <span>Speculation control settings for CVE-2017-5754 [rogue data cache load]
    </span></span><span>Hardware requires kernel VA shadowing: True
    </span><span>Windows OS support for kernel VA shadow is present: True
    </span><span>Windows OS support for kernel VA shadow is enabled: True
    </span>Windows OS support for PCID optimization is enabled: True</p>


    7- Additionnaly, you can verify with other tools, such as:
    InSpectre : https://www.grc.com/inspectre.htm 
    Ashampoo Spectre Meltdown CPU Checker : https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

    That's it.

    If you follow this procedure and, just like me, successfully patch your ACER Aspire VN7-592G against Spectre v2, please, let me know.

Answers

  • JackE
    JackE ACE Posts: 44,330 Trailblazer
    Do NOT try to update the BIOS unless it is specifically listed for your VN7-592G and specifically stated to address the vulnerabilities. Trying to do otherwise could brick your machine. Jack E/NJ

    Jack E/NJ

  • bl3h
    bl3h Member Posts: 3 New User
    Ok, I will not use the BIOS update for VN7-593G. You answered the 1st part of my question, thank you.

    By the way, I just checked the differences between the models, the VN7-592G has a 6th generation intel core, and the VN7-593G has a 7th generation. You are right, it shouldn't work.

    Is someone aware of a BIOS update for Aspire VN7-592G ? This model is very recent, I am worried that it is not in the list.
  • JackE
    JackE ACE Posts: 44,330 Trailblazer
    Answer ✓
    The only authorised 592G updates that address any vulnerabilities will appear on the ACER driver website if required. Jack E/NJ

    Jack E/NJ

  • bl3h
    bl3h Member Posts: 3 New User
    Answer ✓
    As I do not expect any BIOS update fixing Spectre v2 vulnerability for my ACER Aspire VN7-592G, I decided to go ahead and patch manually (and successfully) with the standalone patch KB4090007 (not available in Windows Update) made by Intel and distributed by Microsoft.

    This is what I did:

    1- Create a restoration point or backup your registry before following the steps below.

    2- Read the documentation: https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

    3- Download the 64bit (x64-based Systems) patch from microsoft catalogue: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4090007

    4- Close programs, disable antivirus and install the patch.

    5- Reboot.

    6- Verify if you are protected using PowerShell (run as administrator), with the following commands:
    PS C:\WINDOWS\system32> <b>Install-Module SpeculationControl</b><br>PS C:\WINDOWS\system32> <b>$SaveExecutionPolicy = Get-ExecutionPolicy</b><br>PS C:\WINDOWS\system32> <b>Set-ExecutionPolicy RemoteSigned -Scope Currentuser</b><br>PS C:\WINDOWS\system32> <b>Import-Module SpeculationControl</b><br>PS C:\WINDOWS\system32> <b>Get-SpeculationControlSettings</b>It should display something like this:

    <p><span>Speculation control settings for CVE-2017-5715 [branch target injection]<br></span><span>Hardware support for branch target injection mitigation is present: True<br></span><span>Windows OS support for branch target injection mitigation is present: True<br></span>Windows OS support for branch target injection mitigation is enabled: True
    <span>
    <span>Speculation control settings for CVE-2017-5754 [rogue data cache load]
    </span></span><span>Hardware requires kernel VA shadowing: True
    </span><span>Windows OS support for kernel VA shadow is present: True
    </span><span>Windows OS support for kernel VA shadow is enabled: True
    </span>Windows OS support for PCID optimization is enabled: True</p>


    7- Additionnaly, you can verify with other tools, such as:
    InSpectre : https://www.grc.com/inspectre.htm 
    Ashampoo Spectre Meltdown CPU Checker : https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

    That's it.

    If you follow this procedure and, just like me, successfully patch your ACER Aspire VN7-592G against Spectre v2, please, let me know.
  • sf_acer1
    sf_acer1 Member Posts: 6 New User
    Acer Model List for Aspire AXC-603-UR10  Spectre Micro Code Update  -  no entry for this model????
  • JackE
    JackE ACE Posts: 44,330 Trailblazer
    @sf_acer1   >>>AXC-603-UR10  Spectre Micro Code Update  -  no entry for this model???? >>>

    What do the 4 question marks mean? What is your question? Jack E/NJ

    Jack E/NJ

  • macbob
    macbob Member Posts: 3 New User
    edited April 2018
    bl3h said:
    Is someone aware of a BIOS update for Aspire VN7-592G ? This model is very recent, I am worried that it is not in the list.
    ACER's Meltdown and Spectre security vulnerabilities site now lists the Aspire VN7-592G with a projected available date of June 2018.

    https://us.answers.acer.com/app/answers/detail/a_id/53104#_ga=2.131789065.705967549.1524105287-1275358836.1524004490