You may have heard of Meltdown and Spectre. If not, they are a recently discovered set of vulnerabilities affecting Intel, ARM, and, in the case of Spectre, AMD processors, and they have been all over the security and mainstream news feeds lately.

The two things that people want to know are:

  1. What does it do?
  2. Am I affected?               

As always, the first question is easier to answer than the second.

What Does Meltdown or Spectre Do? 

Through these vulnerabilities, an attacker is able to read privileged memory by exploiting speculative execution, the way a processor runs instructions ahead of time and in parallel. This also allows attackers to use JavaScript code in browsers to access memory in the process running the attacker's code, which could contain passwords, keystrokes and other information.

Am I Affected?

There has already been proof-of-concept code released by researchers and it has been shown to run on Linux systems. However, Microsoft says they have not received any information to indicate that the vulnerabilities have been used to attack their customers at this point.

As this is a multi-layered problem, the recommended fixes have been shown to potentially impact CPU performance by up to 30%.

The major web browser vendors (Microsoft, Apple, Google, and Mozilla) all have plans to patch their browsers, and some already have. These patches act as a first line of defense for the affected systems. If you have automatic updates on for your browsers, you likely already have this.

Apple has confirmed that its processors and macOS are susceptible to both Meltdown and Spectre. Apple has also issued updates for both iOS and macOS to use dual-page table mappings.

Microsoft has issued an emergency security patch for Windows, but some third-party antivirus products currently do not allow the patch to be applied. While security researchers are trying to compile a list of AVs that are supported, there have been some outliers that make the list tough to complete. As a way to show the current system protection against these vulnerabilities, Microsoft has released a PowerShell script to test for Meltdown and Spectre.

https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

VMware has released a patch for its ESXi hypervisor to help mitigate the Meltdown vulnerability. Patching the virtual systems is recommended for full protection.

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

In order to apply the fix for Meltdown at the hardware level, a firmware update is required. It will be up to system OEMs (Lenovo, IBM, HP, Acer, etc.) to distribute the firmware update once Intel has released it.

What About the Cloud?

Microsoft has implemented a fix at the hypervisor level of its Azure cloud to help protect against Meltdown for its virtual hosts. Virtual systems running in the cloud should still be patched to help provide full protection against the Spectre vulnerability. 

Amazon's EC2 and other services have also applied patches at the hypervisor level to help stop the Meltdown vulnerability. Again, patching the underlying virtual systems is recommended.

Google's cloud infrastructure has been similarly updated to address Meltdown, but Google specifically states that the virtual systems need to be patched for complete protection.
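To confirm that a Linux guest has actually picked up the kernel-side mitigations after patching, the added example below (not from the original post or from any vendor) reads the status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities. The function names and the VULN_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on a Linux guest.
# The kernel publishes one status file per issue in sysfs. VULN_DIR can be
# overridden (an assumption of this example) to test against constructed files.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT -> prints ok | vulnerable | unknown
# Classifies on the line prefix only; a "Mitigation:" line may still list
# weaker sub-settings, so read the full text that check_all prints.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# check_all DIR -> prints one line per issue; returns 0 only if every entry
# is mitigated or not affected. spectre_v1 corresponds to CVE-2017-5753 and
# spectre_v2 to CVE-2017-5715.
check_all() {
    dir="$1"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        f="$dir/$name"
        if [ -r "$f" ]; then
            text=$(cat "$f")
            state=$(classify_status "$text")
        else
            # A missing file means the kernel predates this reporting
            # interface, which itself suggests the guest is unpatched.
            text="(no sysfs entry)"
            state=unknown
        fi
        [ "$state" = ok ] || rc=1
        printf '%-11s %-10s %s\n' "$name" "$state" "$text"
    done
    return "$rc"
}

# Run against the live system only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_all "$VULN_DIR"
    exit $?
fi
```

A non-zero exit status from `--check` makes the script usable as a compliance gate in configuration management or a fleet-wide scan.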

Both Amazon and Microsoft have indicated that there is no meaningful impact on the I/O processes for their clouds.

For full vulnerability information on Meltdown or Spectre, it is recommended to review CVE-2017-5715 and CVE-2017-5753.

IntelliGO MDR

The IntelliGO Managed Detection and Response (MDR) Platform collects data from all your systems and can correlate threat intelligence to help you find and respond to threats you may have missed. 
