Security Alert: Massive Intel CPU Flaws, Threats Posed by Meltdown & Spectre Exploits

January 4th, 2018

Impact

The Intel CPU flaws as well as the Meltdown & Spectre exploits affect virtually every modern computer, including Windows PCs/laptops, Apple Mac computers/laptops, tablets, smart phones, and even many Internet of Things (IoT) devices.  These flaws could allow an attacker to read system memory, which could contain passwords, encryption keys, and other sensitive information.

Background Information

On Wednesday, January 3rd, 2018, various media outlets published information about two critical architectural flaws in various CPUs that allow applications to read kernel memory. The first, named Meltdown, relates to the behavior of out-of-order execution on CPUs, neutralizing security models based on address space isolation and paravirtualized software containers, such as Docker. This allows applications to read any mapped physical memory, including at the kernel level. The second, Spectre, is a flaw in branch prediction and speculation that allows applications to read kernel memory.

How You Can Protect Yourself and Your Organization

Patching & Updating is Key.  Pull patching reports for your network to make sure your Windows patching process is working efficiently, and verify that the applicable patches for these vulnerabilities have been applied.  Check with manufacturers for software and firmware updates for affected systems.

Be Prepared for a Performance Slowdown - Patches for affected systems are predicted to slow systems down by as much as 30%.  This could cause system crashes on older systems and on systems whose CPUs are already heavily taxed.  Run performance reports to audit CPU and memory usage prior to your next updates.  New, higher-performing PCs may be needed for some users, and some older servers may need to be replaced sooner rather than later.

Antivirus Software May Block Windows Updates - According to Microsoft, due to an issue with some versions of Antivirus software, applicable Windows updates may not be applied.  Contact your Antivirus software vendor to confirm their compatibility.  Fulcrum recommends Symantec EndPoint Protection and Webroot Antivirus software solutions; both vendors report their software to be compatible.
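The two checks above (are the patches actually on the box, and is the antivirus compatibility flag letting Windows Update offer them) can be run from one PowerShell session. The script below is an added example, not part of the original alert or of any vendor's tooling; it assumes an elevated PowerShell 5.1+ session on Windows, and treats Microsoft's SpeculationControl module as optional.

```powershell
# Added example (not from the original alert). Read-only readiness check for a
# Windows host: (1) the antivirus compatibility flag that gates the January 2018
# updates, (2) whether those updates and the kernel mitigations are in place.
function Test-MeltdownSpectreReadiness {
    $result = [ordered]@{}

    # (1) AV compatibility flag. Windows Update withholds the January 2018
    #     security updates until this DWORD exists with value 0; the AV vendor
    #     sets it once it has confirmed its product is compatible.
    $compatKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $compatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $compat = Get-ItemProperty -Path $compatKey -Name $compatName -ErrorAction SilentlyContinue
    $result.AVCompatFlagSet = ($null -ne $compat -and $compat.$compatName -eq 0)
    if (-not $result.AVCompatFlagSet) {
        Write-Warning 'AV compatibility key absent or not 0: the updates will not be offered. Confirm with your antivirus vendor.'
    }

    # (2a) Hotfixes installed on or after the public disclosure date.
    $result.UpdatesSince20180103 = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2018-01-03' } |
        Select-Object -ExpandProperty HotFixID)

    # (2b) On Windows Server the kernel mitigations ship disabled; they are
    #      switched on with these two registry values (0 / 3). Clients default on.
    $os    = Get-CimInstance Win32_OperatingSystem
    $mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $mm    = Get-ItemProperty -Path $mmKey -ErrorAction SilentlyContinue
    $result.IsServer = ($os.ProductType -ne 1)
    $result.ServerMitigationsEnabled =
        ($mm.FeatureSettingsOverride -eq 0 -and $mm.FeatureSettingsOverrideMask -eq 3)
    if ($result.IsServer -and -not $result.ServerMitigationsEnabled) {
        Write-Warning 'Server OS without FeatureSettingsOverride=0 / Mask=3: patch may be installed but mitigations stay off.'
    }

    # (2c) Per-CPU mitigation status from Microsoft's SpeculationControl module, if installed.
    if (Get-Module -ListAvailable -Name SpeculationControl) {
        Import-Module SpeculationControl
        $result.SpeculationControl = Get-SpeculationControlSettings
    } else {
        $result.SpeculationControl = 'Run Install-Module SpeculationControl for a per-CPU mitigation report'
    }

    [pscustomobject]$result
}

Test-MeltdownSpectreReadiness
```

An empty UpdatesSince20180103 list together with a missing compatibility flag is the exact symptom the alert describes: the machine is waiting on the antivirus vendor, not on Windows Update.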

Inventory Your IT Hardware Assets - Make sure you have an up-to-date inventory of all of your IT hardware assets.  Determine which assets are affected, and plan accordingly.

Internet-of-Things Devices - Don't forget IoT devices; they can be affected too.  If you're unsure what IoT devices are on your network, consider running an internal vulnerability scan against your network to look for any unpatched or vulnerable systems.

Contact Your IT Service Provider - If you're a Fulcrum Group SPOT client, don't worry, we are already formulating a plan to update your affected systems.

Additional Technical Information

According to CERT, the vulnerabilities require the ability to execute code locally on a target system.  Typically this requires a valid account or independent compromise of the target system.  Attacks using JavaScript in web browsers are possible.  Multi-user and multi-tenant systems (including virtualized and cloud environments) likely face the greatest risk.  Systems used to browse arbitrary web sites are also at risk.  Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk.  US-CERT encourages users and administrators to review CERT/CC's VU #584653.

It is important to note that Meltdown and Spectre generally represent hardware-level flaws. While software vulnerabilities are comparatively easy to patch, this class of vulnerability requires architectural changes for future products. For existing devices, software patches and configuration changes—including limiting or removing access to specific CPU instructions—can assist in minimizing risk, but complete risk mitigation may not be possible. Presently, it is unclear if CPU microcode updates can completely mitigate these vulnerabilities.

It's unclear if Meltdown or Spectre have been used in the wild, as the vulnerabilities are not software exploits, and would not be traceable in system logs. This also makes the pair difficult to detect as part of a malware attack, though known malware signatures are still possible to determine by traditional means.

Meltdown, considered by many researchers to be one of the worst CPU bugs ever found, is currently thought to primarily affect Intel processors manufactured since 1995, excluding the company's Itanium server chips and Atom processors before 2013. It could allow hackers to bypass the hardware barrier between applications run by users and the computer's core memory. Fixing Meltdown therefore requires a change to the way the operating system handles memory, which initial estimates predict could slow the machine in certain tasks by as much as 30%.

The Spectre flaw affects most modern processors made by a variety of manufacturers, including Intel, AMD and those designed by ARM, and potentially allows hackers to trick otherwise error-free applications into giving up secret information. Spectre is harder for hackers to take advantage of but is also harder to fix and would be a bigger problem in the long term, according to researchers.

"IT professionals and IT Service Providers should stay vigilant on patching and updating affected systems, and continue to monitor for available patches and updates, for all types of devices, not just PCs and Servers.  In addition, be prepared for system performance to be reduced, which could severely affect older servers that are already taxed," says Steve Meek, CISSP, President of The Fulcrum Group.

Want to learn more?  See these links to articles and information about Meltdown & Spectre.

Microsoft Windows Updates/Patches for Meltdown & Spectre

Tom's Hardware:  How to Protect your PC, Mac, and Phone Now

Washington Post News Article on Meltdown & Spectre