05/01/2018

Spectre and Meltdown – Am I affected

You may have seen in news coverage this week details of vulnerabilities known and Spectre and Meltdown affecting Intel, AMD and ARM processors.

We have received information from our security partner Dell Secureworks on this subject, which for those non-techie out there summounts to a vulnerability which could impact the processors of your phones, pcs, servers, tablet devices amongst other things. I dont usually quote the BBC but they have a helpful explaination – http://www.bbc.co.uk/news/technology-42575033 

 

Best practise should be applied to patching systems as this could otherwise impact normal operation or capacity of your services.  Full technical information outlined below for those of you hungry for detail.  For those who are not, this is a vulnerability in the processors produced by major vendors for perhaps? the past 20years.

 

 

Dell Secureworks Counter Threat Unit(TM) (CTU) researchers are analyzing reports of vulnerabilities known as SPECTRE and MELTDOWN affecting Intel, AMD, and ARM processors. The first reports were published on January 2, 2018, prior to a coordinated disclosure scheduled for the week of January 8. There is no evidence of exploitation as of this publication, but the publicly disclosed proof-of-concept (PoC) exploit code could result in the vulnerabilities being weaponized for malware delivery.

 

SPECTRE and MELTDOWN are in a vulnerability class referred to as `speculative execution side-channel attacks.` These attacks exploit performance optimizations used by modern CPUs to access protected memory. SPECTRE has been verified on Intel, AMD, and ARM processors. MELTDOWN appears to only impact Intel processors. The vulnerabilities affect servers, desktops, laptops, mobile devices, and cloud servers.

 

The primary risk from these vulnerabilities is sensitive information theft, such as extracting encryption keys or passwords from memory. Cloud servers could be significantly impacted if an attacker exploits these vulnerabilities to break out of a guest virtual host or container. It may also be possible to deliver exploit code via drive-by download to extract information from a victims web browser. As of this publication, limited practical demonstrations of these attack vectors exist.

 

The vulnerabilities have been assigned the following CVEs:

  • CVE-2017-5753: Bounds check bypass (SPECTRE)
  • CVE-2017-5715: Branch target injection (SPECTRE)
  • CVE-2017-5754: Rogue data cache load (MELTDOWN)

 

Intel, AMD, ARM, Microsoft, Google, Apple, Amazon and other technology vendors are releasing software updates to mitigate the risk from these vulnerabilities. Long-term solutions require re-engineering the vulnerable processor architectures. Third-party analysis of vendor security updates notes potential performance impact under some circumstances and workloads, as well as conflicts between the OS patches and some software that has significant interactions with the kernel (e.g., antivirus and endpoint security solutions).

 

 

Recommended actions:

CTU researchers strongly advise a phased approach to updating vulnerable systems. Clients should follow standard best practices for testing updates on systems that match the production environment and should test a subset of updated systems with a representative workload before widely deploying updates in production environments. Databases or systems with high levels of I/O activity may be most significantly impacted. Clients should also contact cloud service providers to confirm that platforms that store or process corporate data are updated, especially for shared hosting or infrastructure-as-a-service providers.

 

References:

https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

https://meltdownattack.com/meltdown.pdf

https://spectreattack.com/spectre.pdf

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

http://www.amd.com/en/corporate/speculative-execution

https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6

https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

https://support.microsoft.com/en-ae/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities

https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/

https://twitter.com/pwnallthethings/status/948693961358667777

https://pastebin.com/CF91uGTG

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners