UDTSecure Threat Advisory – ID: 1037993 – Meltdown and Spectre

CVE Reference: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
Date: January 10th, 2018
Status: Confirmed
Fix Available: Yes (vendor dependent)
Impact: Hardware vulnerabilities present in modern processors allow programs to steal data (including passwords or other sensitive data) from the memory of the operating system and other running programs on a computer.
Security Rating: CRITICAL

Overview
Two critical attacks, dubbed Meltdown and Spectre, have been discovered to affect most modern computer processors. Each is built on multiple vulnerabilities that use side-channel techniques to read information from memory locations the attacker should not be able to access. Meltdown “melts” the security boundary between applications and the operating system that is normally enforced by hardware, while Spectre breaks the isolation between different applications. These vulnerabilities allow a malicious program to trick the operating system, or other applications, into leaking data, including passwords, secrets, or other sensitive information.

The Meltdown and Spectre attacks take advantage of security flaws present in most modern processors. Specifically, they abuse speculative execution and out-of-order execution of CPU instructions, techniques modern CPUs use to hide wait time and improve performance. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. Patches for both Meltdown and Spectre have been made available for various devices and operating systems.

Affected Software:
Desktop, laptop, and cloud computers may be affected by Meltdown. Almost every Intel processor released since 1995 is affected by Meltdown. AMD processors may be susceptible to Meltdown, but it has not yet been demonstrated. For ARM processors, only a limited subset of Cortex-A chips are at risk.

Almost every system is affected by Spectre, including desktops, laptops, cloud servers, and smartphones. All modern processors are potentially vulnerable, including Intel, AMD, and ARM.

Recommendation:
Users should install updates and patches to affected products and hosts as soon as they become available. Firmware updates will vary and are vendor and model dependent. In addition, most firmware updates need to be installed directly on the system, requiring physical access and system reboots. Unless a known patch has been applied, assume that all devices using modern processors are vulnerable.
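A quick way to act on this recommendation on a Linux host, as an added example that is not part of UDT's advisory: from Linux 4.15 onward the kernel reports its own mitigation status in one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2), each reading "Not affected", "Vulnerable" or "Mitigation: <name>". The script below prints that status and flags any entry that is still unmitigated. The function names report_mitigations and count_unmitigated are my own, and the directory argument exists so the same code can be run over a constructed sample tree. The check is only as good as the kernel's own reporting: a kernel too old to have the directory is reported as unverified, not as patched.

```shell
#!/bin/sh
# Added example (not UDT's code): summarise the Linux kernel's own view of the
# Meltdown/Spectre mitigations from sysfs. Each file under the directory reads
# "Not affected", "Vulnerable" or "Mitigation: <name>". The directory is a
# parameter so the functions can also be exercised on a constructed sample tree.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print one "issue<TAB>status" line per file in the given directory.
# Returns 1 when the directory is missing (kernel predates the interface).
report_mitigations() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "no sysfs vulnerability directory at $dir (kernel too old; status unverified)" >&2
        return 1
    fi
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        found=1
        name=$(basename "$f")
        status=$(cat "$f" 2>/dev/null || echo "unreadable")
        printf '%s\t%s\n' "$name" "$status"
    done
    [ "$found" -eq 1 ] || echo "directory $dir contains no entries" >&2
}

# Print the number of issues whose status starts with "Vulnerable";
# exit status is 0 when that number is zero, 1 otherwise.
count_unmitigated() {
    dir="$1"
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f" 2>/dev/null || true)" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
    [ "$n" -eq 0 ]
}

# Stand-alone use: inspect the live system when the interface is present.
if [ -d "$VULN_DIR" ]; then
    report_mitigations "$VULN_DIR"
    if count_unmitigated "$VULN_DIR" >/dev/null; then
        echo "all listed issues are mitigated or not affected"
    else
        echo "WARNING: unmitigated issues present; apply vendor kernel and microcode updates"
    fi
fi
```

On Windows the analogous check is Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings), which also reports whether the firmware (microcode) half of the Spectre variant 2 mitigation is present, since the operating-system patch alone does not complete that mitigation.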

Note that many of these updates may carry a performance impact, with some workloads affected more than others. Older processors are more likely to be affected, as are Windows Server instances, especially I/O-intensive ones. Microsoft has warned customers to consider not updating their server firmware if they run no untrusted code or if performance must not be degraded, as there are reported cases of “significant” performance impacts with the current updates.

In addition, ensure that other standard security best practices are being followed to minimize exposure. Avoid suspicious e-mail attachments, documents, and websites. Ensure that long, complex passwords are used. Keep all software up to date with patches.

Underlying Affected Products:
All products that use modern CPUs are likely affected. We strongly recommend visiting each vendor’s website for the products and system components in your environment and infrastructure to obtain specific remediation information for these vulnerabilities.

Vendor guidance is linked below; Microsoft’s documents cover both server and client versions of Windows:

Company     Links
Intel       Security Advisory / Newsroom / Whitepaper
ARM         Security Update
AMD         Security Information
RISC-V      Blog
NVIDIA      Security Bulletin / Product Security
Microsoft   Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server)
Amazon      Security Bulletin
Google      Project Zero Blog / Need to know
Android     Security Bulletin
Apple       Apple Support
Lenovo      Security Advisory
IBM         Blog
Dell        Knowledge Base / Knowledge Base (Server)
HP          Vulnerability Alert
Huawei      Security Notice
Synology    Security Advisory
Cisco       Security Advisory
F5          Security Advisory
Mozilla     Security Blog
Red Hat     Vulnerability Response / Performance Impacts
Debian      Security Tracker
Ubuntu      Knowledge Base
SUSE        Vulnerability Response
Fedora      Kernel update
Qubes       Announcement
Fortinet    Advisory
NetApp      Advisory
LLVM        Spectre (Variant #2) Patch / Review __builtin_load_no_speculate / Review llvm.nospeculateload
CERT        Vulnerability Note
MITRE       CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754
VMware      Security Advisory / Blog
Citrix      Security Bulletin / Security Bulletin (XenServer)
Xen         Security Advisory (XSA-254) / FAQ

If you feel you’ve been the subject of an attack or view suspicious activities in emails or networks, call us immediately at 1-800-882-9919 and request to speak to one of our fully certified cybersecurity consultants.