UDTSecure™ Threat ID: 1037993 – Meltdown and Spectre

CVE Reference: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
Date: January 10th, 2018
Status: Confirmed
Fix Available: Yes (vendor dependent)
Impact: Hardware vulnerabilities present in modern processors allow programs to steal data (including passwords or other sensitive data) from the memory of the operating system and other running programs on a computer.
Security Rating: CRITICAL

Overview
Two critical attacks, dubbed Meltdown and Spectre, have been discovered to affect most modern computer processors. Each consists of multiple vulnerabilities that use side-channel techniques to read the contents of memory locations the attacking program should not be able to access. Meltdown “melts” the security boundary between applications and the operating system that is normally enforced by hardware, while Spectre breaks the isolation between different applications. These vulnerabilities allow malicious programs to trick the operating system, or other applications, into leaking data, including passwords, secrets, or other sensitive data.

The Meltdown and Spectre attacks take advantage of security flaws present in most modern processors. Specifically, they abuse speculative execution and out-of-order execution of CPU instructions, performance techniques that modern CPUs use to minimize wait time. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. Patches for both Meltdown and Spectre have been made available for various devices and operating systems.

Affected Software:
Desktop, laptop, and cloud computers may be affected by Meltdown. Almost every Intel processor released since 1995 is affected by Meltdown. AMD processors may be susceptible to Meltdown, but it has not yet been demonstrated. For ARM processors, only a limited subset of Cortex-A chips are at risk.

Almost every system is affected by Spectre, including desktops, laptops, cloud servers, and smartphones. All modern processors are potentially vulnerable, including Intel, AMD, and ARM.

Recommendation:
Users should install updates and patches to affected products and hosts as soon as they become available. Firmware updates will vary and are vendor and model dependent. In addition, most firmware updates need to be installed directly on the system, requiring physical access and system reboots. Unless a known patch has been applied, assume that all devices using modern processors are vulnerable.
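Because the recommendation above is to treat every host as vulnerable until a patch is confirmed, it helps to have a repeatable check. The following is an added example, not part of the UDTSecure advisory or any vendor's tooling: it reads the status files that the Linux kernel (4.15 and later) exposes under /sys/devices/system/cpu/vulnerabilities/, maps them to the three CVEs listed in this advisory, and flags any CVE that is not confirmed as mitigated. The sample status values are constructed for illustration; the helper names (classify, assess, needs_action) are this example's own.

```python
"""Summarise Linux kernel mitigation status for CVE-2017-5753/5715/5754.

Added example (not from the advisory). Assumes a Linux kernel >= 4.15,
which reports speculative-execution mitigation status in sysfs.
"""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Advisory CVE identifiers -> kernel sysfs file names.
CVE_FILES = {
    "CVE-2017-5753": "spectre_v1",  # Spectre variant 1, bounds check bypass
    "CVE-2017-5715": "spectre_v2",  # Spectre variant 2, branch target injection
    "CVE-2017-5754": "meltdown",    # Meltdown, rogue data cache load
}


def classify(status: str) -> str:
    """Map one sysfs status line to a coarse category.

    The kernel prints lines that begin with 'Not affected', 'Mitigation: ...'
    or 'Vulnerable[: ...]'; anything else is treated as unknown.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def assess(statuses: dict) -> dict:
    """statuses maps sysfs file name -> file contents (None if missing).

    Returns {cve: (category, raw status text)}. A missing file usually means
    a kernel older than 4.15, which cannot confirm a mitigation at all.
    """
    report = {}
    for cve, fname in CVE_FILES.items():
        raw = statuses.get(fname)
        if raw is None:
            report[cve] = ("unknown", "sysfs entry missing (kernel < 4.15?)")
        else:
            report[cve] = (classify(raw), raw.strip())
    return report


def needs_action(report: dict) -> list:
    """CVEs not confirmed mitigated; per the advisory, assume these are vulnerable."""
    return [cve for cve, (cat, _) in report.items()
            if cat not in ("not_affected", "mitigated")]


def read_live_statuses() -> dict:
    """Read the real sysfs files on the current host (empty values if unreadable)."""
    out = {}
    for fname in CVE_FILES.values():
        p = SYSFS_DIR / fname
        try:
            out[fname] = p.read_text() if p.exists() else None
        except OSError:
            out[fname] = None
    return out


# Constructed sample: a host with page-table isolation applied but an
# incomplete Spectre v2 mitigation (status strings are illustrative).
SAMPLE_STATUSES = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
    "meltdown": "Mitigation: PTI\n",
}

if __name__ == "__main__":
    live = read_live_statuses()
    statuses = live if any(v is not None for v in live.values()) else SAMPLE_STATUSES
    report = assess(statuses)
    for cve, (cat, raw) in report.items():
        print(f"{cve}: {cat:<13} {raw}")
    pending = needs_action(report)
    print("Action required for:", ", ".join(pending) if pending else "none")
```

Run it on a Linux host to see the live values; anywhere else it falls back to the constructed sample. On Windows, Microsoft's SpeculationControl PowerShell module serves the same purpose, and the vendor links below point to it.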

Note that many of these updates may have a performance impact, with some workloads affected more than others. Older processors are more likely to be impacted, as are Windows Server instances, especially I/O-intensive ones. Microsoft has warned customers to consider not updating their server firmware if they do not run any untrusted code or if it is imperative that performance is not impacted, as there are reported cases of “significant” performance impacts with the current updates.

In addition, ensure that other standard security best practices are being followed to minimize exposure. Avoid suspicious e-mail attachments, documents, and websites. Ensure that long, complex passwords are used. Keep all software up to date with patches.

Underlying Affected Products:
All products that utilize modern CPUs are likely affected. We highly recommend you visit each vendor’s website for products and/or system components that are applicable to your environment and infrastructure for more specific information on remediation of these vulnerabilities.

Vendor advisories and related references (Microsoft's documents cover both server and client versions of Windows):

Company      Links
Intel        Security Advisory / Newsroom / Whitepaper
ARM          Security Update
AMD          Security Information
RISC-V       Blog
NVIDIA       Security Bulletin / Product Security
Microsoft    Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server)
Amazon       Security Bulletin
Google       Project Zero Blog / Need to know
Android      Security Bulletin
Apple        Apple Support
Lenovo       Security Advisory
IBM          Blog
Dell         Knowledge Base / Knowledge Base (Server)
HP           Vulnerability Alert
Huawei       Security Notice
Synology     Security Advisory
Cisco        Security Advisory
F5           Security Advisory
Mozilla      Security Blog
Red Hat      Vulnerability Response / Performance Impacts
Debian       Security Tracker
Ubuntu       Knowledge Base
SUSE         Vulnerability Response
Fedora       Kernel update
Qubes        Announcement
Fortinet     Advisory
NetApp       Advisory
LLVM         Spectre (Variant #2) Patch / Review __builtin_load_no_speculate / Review llvm.nospeculateload
CERT         Vulnerability Note
MITRE        CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754
VMware       Security Advisory / Blog
Citrix       Security Bulletin / Security Bulletin (XenServer)
Xen          Security Advisory (XSA-254) / FAQ

If you feel you’ve been the subject of an attack or view suspicious activities in emails or networks, call us immediately at 1-800-882-9919 and request to speak to one of our fully certified cybersecurity consultants.

Do you have questions? Contact Us.