Welcome to the Cygilant Blog

Spectre and Meltdown: A Summary

Posted by Neil Weitzel on Jan 8, 2018

You likely heard last week about the new Spectre and Meltdown vulnerabilities that affect nearly every processor. If you haven’t followed all the reports, here’s a quick rundown about these vulnerabilities:

Last week, vulnerabilities in speculative execution on widely used central processing units (CPUs) were identified. The vulnerabilities, nicknamed Meltdown and Spectre, take advantage of cache assigned to processes, allowing parallel processes to read the allocated memory. That memory could contain critical information or any data processed by the system or its applications, such as passwords. While an attack of this nature requires sophisticated technical knowledge to weaponize, several CPU and software vendors have responded quickly to release patches that mitigate these vulnerabilities. Patches have been released for current versions of operating systems and applications, while updates for older versions should be available very soon.

To protect your systems, ensure you have deployed available updates from software vendors (including anti-virus definitions). Additionally, since these attacks utilize parallel system processes, you should validate the software running on your systems against a whitelist of known-valid applications and services. Further, it is imperative to remind system users that they should not install software or plug-ins (such as browser extensions), open unsolicited attachments, or attach unverified media storage; these are the most likely delivery mechanisms for this type of attack. Future attacks that utilize these vulnerabilities are expected in web browsers, whose processes are typically isolated from others. Therefore, confirm you are running the most up-to-date versions of web browsing applications and remove unnecessary plug-ins to help secure your systems.

Microsoft has issued security advisory ADV180002 in relation to the vulnerabilities:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Information regarding Apple’s December update, which addresses kernel memory exploits, is also available: https://support.apple.com/en-us/HT208221

The Linux kernel, similarly, has an update named KAISER available, which can mitigate these attacks: https://github.com/IAIK/KAISER/tree/master/KAISER
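
One way to confirm on a Linux host that the kernel updates described above are actually in effect, as an added example that is not part of the original post. It assumes a kernel that reports mitigation status under `/sys/devices/system/cpu/vulnerabilities` (a path the post does not mention); the function names are this example's own.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status from Linux sysfs.
# Assumption: the kernel exposes the directory below; kernels that predate
# this reporting interface have no such files and are reported as UNKNOWN.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# check_cpu_mitigations [DIR]
# Prints one line per issue. Returns 0 if every issue is OK, 1 if any is
# VULNERABLE, 2 if none is vulnerable but at least one is UNKNOWN.
check_cpu_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            raw=$(cat "$dir/$issue")
        else
            raw="(no report: interface missing or file unreadable)"
        fi
        state=$(classify_status "$raw")
        printf '%-10s %-10s %s\n' "$issue" "$state" "$raw"
        case "$state" in
            VULNERABLE) rc=1 ;;
            UNKNOWN)    if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# Check the live system; a non-zero status means at least one issue is not
# reported as mitigated and the host still needs the vendor updates.
check_cpu_mitigations || echo "not all issues reported as mitigated (status $?)"
```

An UNKNOWN result usually means the running kernel is older than the patched releases, which is itself a reason to update.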

If you’re interested in learning more, you can watch our recent webcast on the vulnerabilities on demand.

Tags: Spectre, Meltdown, InfoSec, Vulnerabilities
