UDTSecure™ Threat ID: 1037993 – Meltdown and Spectre
CVE Reference: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
Date: January 10th, 2018
Fix Available: Yes (vendor dependent)
Impact: Hardware vulnerabilities present in modern processors allow programs to steal data (including passwords or other sensitive data) from the memory of the operating system and other running programs on a computer.
Security Rating: CRITICAL
Two critical attacks, dubbed Meltdown and Spectre, have been found to affect most modern computer processors. Together they comprise multiple vulnerabilities that use side-channel attacks to obtain information from computer memory locations. Meltdown “melts” security boundaries between applications and the operating system that are normally enforced by hardware, while Spectre breaks the isolation between different applications. These vulnerabilities allow malicious programs to trick the operating system, or other applications, into leaking data, including passwords, secrets, or other sensitive data.
The Meltdown and Spectre attacks take advantage of security flaws present in most modern processors. Specifically, they abuse speculative execution and out-of-order execution of CPU instructions, techniques that modern CPUs use to minimize wait time and improve performance. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. Patches for both Meltdown and Spectre have been made available for various devices and operating systems.
Desktop, laptop, and cloud computers may be affected by Meltdown. Almost every Intel processor released since 1995 is affected by Meltdown. AMD processors may be susceptible to Meltdown, but this has not yet been demonstrated. For ARM processors, only a limited subset of Cortex-A chips is at risk.
Almost every system is affected by Spectre, including desktops, laptops, cloud servers, and smartphones. All modern processors are potentially vulnerable, including Intel, AMD, and ARM.
Users should install updates and patches to affected products and hosts as soon as they become available. Firmware updates will vary and are vendor and model dependent. In addition, most firmware updates need to be installed directly on the system, requiring physical access and system reboots. Unless a known patch has been applied, assume that all devices using modern processors are vulnerable.
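The "assume vulnerable unless a known patch has been applied" rule can be checked per host. The following is an added example, not part of the original advisory: it assumes a Linux host whose kernel reports mitigation status under `/sys/devices/system/cpu/vulnerabilities`, and the function names are illustrative.

```python
"""Added example: report Meltdown/Spectre mitigation status on a Linux host."""
from pathlib import Path

# Assumption: Linux kernel that exposes per-vulnerability status files here.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> CVE listed in this advisory
CVE_FILES = {
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
    "meltdown": "CVE-2017-5754",
}


def classify(status):
    """Map a kernel status line to not_affected / mitigated / assume_vulnerable."""
    text = (status or "").strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    # "Vulnerable...", unknown wording, or no data at all: follow the
    # advisory's rule and assume the host is vulnerable.
    return "assume_vulnerable"


def audit(sysfs_dir=SYSFS_DIR):
    """Return {cve: (state, raw_status)} for the three CVEs in this advisory."""
    report = {}
    for name, cve in CVE_FILES.items():
        try:
            raw = (Path(sysfs_dir) / name).read_text().strip()
        except OSError:
            raw = ""  # file missing: kernel predates the reporting interface
        report[cve] = (classify(raw), raw or "no status reported")
    return report


def needs_attention(report):
    """CVEs that must be treated as unpatched, sorted for stable output."""
    return sorted(c for c, (state, _) in report.items() if state == "assume_vulnerable")


if __name__ == "__main__":
    result = audit()
    for cve, (state, raw) in sorted(result.items()):
        print(f"{cve}: {state} ({raw})")
    raise SystemExit(1 if needs_attention(result) else 0)
```

Run as a script, it exits non-zero when any of the three CVEs has to be treated as unpatched, so it can gate a compliance job.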
Note that many of these updates may affect performance, with some workloads experiencing a larger impact than others. Older processors are more likely to be impacted, as are Windows Server instances, especially if they are I/O intensive. Microsoft has warned customers to consider not updating their server firmware if they do not run any untrusted code or if it is imperative that performance is not impacted, as there are reported cases of “significant” impacts to performance with the current updates.
In addition, ensure that other standard security best practices are being followed to minimize exposure. Avoid suspicious e-mail attachments, documents, and websites. Ensure that long, complex passwords are used. Keep all software up to date with patches.
Underlying Affected Products:
All products that utilize modern CPUs are likely affected. We highly recommend you visit each vendor’s website for products and/or system components that are applicable to your environment and infrastructure for more specific information on remediation of these vulnerabilities.
Microsoft has released documents that cover both server and client versions of Windows:
- Windows Server guidance to protect against speculative execution side-channel vulnerabilities
- Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
If you feel you’ve been the subject of an attack or view suspicious activities in emails or networks, call us immediately at 1-800-882-9919 and request to speak to one of our fully certified cybersecurity consultants.