Posted by Collin Buechler on Feb 2, 2018 2:00:05 PM
If you listen to the news reporting on Meltdown and Spectre you would have no doubt in your mind that these issues must be addressed immediately. According to most reports, the Meltdown and Spectre vulnerabilities have shaken everyone’s fundamental trust in technology.
They impact nearly every piece of computer and communications technology manufactured in the past 20 years, including laptops, mobile phones, tablets, computers and smart refrigerators. They represent a clear and present danger to your data and the integrity of your system security, but let’s take a deep breath and understand what is the real risk.
Understanding the scope and impact of a threat is key to understanding how to mitigate the risk.
What are Meltdown and Spectre?
Meltdown and Spectre are vulnerabilities that are caused due to a design flaw in computer processor chipsets made by Intel, IBM, AMD, and ARM. The vulnerability is caused by the chip’s attempt to read data ahead and execute out of order operations to improve the operational efficiency of the computer system.
How is this risk exploited?
Malicious users (Hackers) who have gained physical access to a host, or have gained remote access to administrative permissions can theoretically access the memory space and read the data in the queue.
Are my systems affected?
For argument's sake, let’s assume that answer is yes. Spectre and Meltdown impact nearly all chipsets manufactured by Intel, AMD, ARM, and IBM in the past 20 years.
To be precise Avaya and Cisco running in virtual environments are at risk, as are many hardware-based solutions from these vendors. In addition, any system running Microsoft Windows on one of these chipsets are affected. It is likely easier to list the systems that are not vulnerable to these exploits.
What does that really mean?
It means the Malicious User could get usernames and passwords, encryption keys, or any documentation that the processor has queued up; but the malicious user would need to have full control of the server to execute against the vulnerability. This means the malicious user would already have access to all of this information and would not need to execute against Meltdown or Spectre.
While certain applications have been identified that could allow Spectre and Meltdown to be executed remotely; for example Java in a web-browser, such attacks have not been identified in the wild and would require users to be running vulnerable applications to exploit.
Are updates available for Spectre and Meltdown?
While Microsoft and Intel have both released updates to address Spectre and Meltdown, neither organization recommends applying those updates right now.
The Mircosoft supplied patch has a significant impact on system performance. Internal testing by ConvergeOne indicates a 40%-60% performance impact to systems as the operating system stops using the out of order operations ability of the chipset.
The Intel provided update has caused instability and reboot issues with systems after being applied and was pulled by Intel until those concerns can be addressed.
How do I protect against Spectre and Meltdown?
The best way to ensure a malicious user cannot exploit Meltdown or Spectre is to have a multi-layered security program in place that includes:
- Protecting systems from unauthorized remote administrative access and privilege escalation,
- Updating all current browsers to the latest version,
- Identifying operating system and application patches and apply as appropriate,
- Checking for motherboard and chipset firmware updates and follow manufacturer’s guidance,
- Continuing to monitor security bulletins related to Spectre and Meltdown in order to identify the most current mitigation efforts.
What does this all mean?
While Meltdown and Spectre are significant threats to data security, there are a lot of things you are probably already doing to protect yourself. Implement network security and monitoring to help protect systems, limit remote administrative access to all systems, and update systems to help prevent the conditions that allow Meltdown and Spectre to be exploited while the world waits on the chipset manufacturers to provide an update that does not break systems.
In addition, these vulnerabilities are not known to have been actively employed in an attack in the wild yet but are theoretically capable of stealing memory resident data that could include passwords and other sensitive information so they need to be taken seriously.
Join security experts at ConvergeOne for an upcoming webinar on this topic: