You likely heard last week about the new Spectre and Meltdown vulnerabilities that affect nearly every processor. If you haven’t followed all the reports, here’s a quick rundown of these vulnerabilities:
Last week, vulnerabilities in speculative execution on widely used central processing units (CPUs) were identified. Nicknamed Meltdown and Spectre, they take advantage of the cache assigned to processes, allowing parallel processes to read the allocated memory. That memory could contain critical information or any data processed by the system or its applications, such as passwords. While an attack of this nature requires sophisticated technical knowledge to weaponize, several CPU and software vendors have responded quickly with patches that mitigate these vulnerabilities. Patches have been released for current versions of operating systems and applications, while updates for older versions should be available very soon.
To protect your systems, ensure you have deployed the available updates from software vendors (including anti-virus definitions). Additionally, since these attacks utilize parallel system processes, you should validate the software running on your systems against a whitelist of known-valid applications and services. Further, it is imperative to remind system users that they should not install software or plug-ins (such as browser extensions), open unsolicited attachments, or attach unverified media storage; these are the most likely delivery mechanisms for this type of attack. Future attacks that utilize these vulnerabilities are expected in web browsers, whose processes are typically isolated from others. Therefore, confirm you are running the most up-to-date versions of web browsing applications and remove unnecessary plug-ins to help secure your systems.
Microsoft has issued security advisory 18002 in relation to the vulnerabilities:
- To check if a Windows desktop operating system is protected, follow this process: https://support.microsoft.com/en-hk/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe
- Similarly, a process to check for protection on Windows server operating systems is available: https://support.microsoft.com/en-hk/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s
The Linux kernel, similarly, has an update named KAISER available, which can mitigate these attacks: https://github.com/IAIK/KAISER/tree/master/KAISER
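Once a Linux host has been updated, the kernel's own status report can confirm that the mitigations are active. The script below is an added example, not part of the original advisory or the KAISER project; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/` (older kernels do not), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on a Linux host.
# Assumption: the running kernel exposes the sysfs directory below; kernels
# that predate this interface have no such files and are reported "unknown".
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS_LINE -> prints ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# check_vuln NAME [DIR] -> prints "NAME: verdict (raw status)"
# returns 0 if ok, 1 if vulnerable/unknown, 2 if the status file is missing
check_vuln() {
    name=$1
    dir=${2:-$VULN_DIR}
    file="$dir/$name"
    if [ ! -r "$file" ]; then
        echo "$name: unknown (no $file; kernel may predate this interface)"
        return 2
    fi
    raw=$(head -n 1 "$file")
    verdict=$(classify_status "$raw")
    echo "$name: $verdict ($raw)"
    [ "$verdict" = ok ]
}

# audit [DIR] -> checks Meltdown and both Spectre variants;
# returns non-zero if any of them is not confirmed mitigated
audit() {
    dir=${1:-$VULN_DIR}
    rc=0
    for v in meltdown spectre_v1 spectre_v2; do
        check_vuln "$v" "$dir" || rc=1
    done
    return $rc
}

# Run the audit only when invoked as: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    audit
fi
```

A non-zero exit from `audit` means at least one entry is vulnerable or could not be verified, which makes the script usable as a fleet-wide compliance check.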
If you’re interested in learning more, you can watch our recent webcast on the vulnerabilities on demand: