
Meltdown & Spectre

Intel Inside

Two vulnerabilities that exploit flaws in Intel processors have been identified and made public.

Meltdown

Meltdown was discovered by researchers at Google’s Project Zero bug hunting team, among other researchers, and is a vulnerability that affects nearly all Intel processors from 1995 onwards.

This means that almost any computer with an Intel processor is vulnerable to Meltdown, be it Windows, Mac, Linux, server, desktop, laptop or tablet.

This vulnerability is going to be particularly devastating on virtualised servers, where a single infected virtual machine could access the memory of a separate virtual machine on the same hardware.

The vulnerability cannot be fixed; instead, a workaround needs to be applied in the form of a patch from the operating system vendor, such as Microsoft or Apple. As an added complication, some antivirus software might conflict with the patch, so it will need to be updated first, or alternative measures taken to mitigate any additional issues.

At the moment, Linux kernel 4.14.11 and above, macOS 10.13.2 and above, and Windows 7 SP1 and above will receive the patched kernels.

Because the patch is in software, the processing time required for certain processes will be severely impacted, with estimates of up to 30% loss in performance. This is most likely to be noticeable on SQL servers.

Spectre

The Spectre vulnerability is known to affect Intel, AMD and ARM processors, and is actually a family of vulnerabilities that work in different ways to achieve the same result. Essentially, Spectre uses different tricks to get a program to perform more functions than is required, in an attempt to leak data from the processor. In this way Spectre can access information that the processor should be keeping private. Such sensitive information could include user account details, passwords and other logon credentials.

As there is no single attack vector in the case of Spectre, it’s going to be even harder to fix, requiring multiple patches on systems shown to be vulnerable to this type of attack.

Spectre is a lot more random in its ability to access data, and it may prove too ineffective to be usable in real-world malware, but this kind of vulnerability is made possible only by the continued drive for faster processing using fundamentally the same technology as was used in the 1950s.

Kernel

Any operating system, be it Windows, Mac, Linux, Android or whatever, is based on a kernel controlling your computer, with the actual operating system sending commands to the kernel. The kernel manages the movement of data from the hard disk to the memory and to the CPU or other processors as required.

Once it passes the data to the CPU, it is stored in the CPU’s cache, and this is where Meltdown and Spectre take advantage of the vulnerabilities that have been identified.

Staying Safe

For home users, the best advice as always is to make sure your patches are up-to-date, and that you have a robust managed antivirus solution running that can monitor your email and internet access too.

Google and Mozilla are already pushing out updates to their browsers, Chrome and Firefox, that help prevent malicious websites from using Spectre and Meltdown based code, but this should be seen as only one part of a multi-faceted defence strategy. Using script and ad blockers will help further, as will making use of your browser’s site isolation features and secure password management tools.

For companies running database servers or virtual servers, the impact is going to be more of a problem. Patching is essential, as is having robust antivirus and network security in place. The impact of the patches will need to be tested in your off-line environment first, and rolled out live as soon as possible. You’ll also need to consider the effects of the patches from a speed point of view, especially if you have time-critical applications running.
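
One way to confirm on a Linux server that the kernel patches described above are actually active, added here as an example and not part of the original post. It assumes the kernel exposes its per-issue status files under /sys/devices/system/cpu/vulnerabilities (an interface this page does not mention); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on a Linux host.
# Assumption: the kernel publishes one status file per issue in this sysfs
# directory; kernels without the mitigation reporting patches lack it.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STRING -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;          # CPU model is not exposed
        "Mitigation:"*)  echo OK ;;          # e.g. "Mitigation: PTI"
        "Vulnerable"*)   echo VULNERABLE ;;  # also "Vulnerable: <detail>"
        *)               echo UNKNOWN ;;     # empty, missing or unrecognised
    esac
}

# check_cpu_vulns [DIR]
# Prints one line per issue. Returns 0 if every issue is OK, 1 if any is
# VULNERABLE or UNKNOWN, 2 if the status directory does not exist.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir: treat this kernel as unpatched"
        return 2
    fi
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            state=$(cat "$dir/$name")
        else
            state="(file missing)"
        fi
        verdict=$(classify_status "$state")
        [ "$verdict" = OK ] || rc=1
        printf '%-11s %-10s %s\n' "$name" "$verdict" "$state"
    done
    return $rc
}

# Check this host, or a directory given as the first argument.
check_cpu_vulns "$@" || echo "action needed: apply vendor kernel updates"
```

Run it before and after patching in the test environment; the non-zero return code makes it usable from a monitoring job.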

#WeCanHelp

We can help you put preventative measures in place both on your work network and at home to help prevent any malware exploiting these and other vulnerabilities. We can help educate users on the common ways business networks become infected, and we can put in place monitoring systems to make sure that if anything suspicious happens you know about it immediately.

If you need help getting your IT safe and secure, contact us today.

it@tinsleynet.co.uk
07825 650122