Microsoft has released its second update this month to deal with issues associated with Intel patches for Spectre, which cause system instability. The real question is: where are we currently with Spectre and Meltdown in terms of patches and different products, and how do we detect a possible attack? In this article, IntelliGO summarizes where we are now and what you can do if you've been affected.
Microsoft and other software vendors have recently published software updates for a group of CPU-based vulnerabilities called Spectre/Meltdown.
Many CPUs (Intel, AMD and ARM) have a new vulnerability that allows an attacker to read virtual memory in three different ways: the first two are nicknamed Spectre and the third is called Meltdown. For details on the exploits of this vulnerability and how it works, see Google Project Zero.
How do I know if I've been exploited?
No signature for these attacks has been released, but some heuristics have been released that check for the execution of Spectre/Meltdown exploits, for example in Symantec AV.
What Can You Do About It?
The way to avoid this vulnerability is to update the software for the chips (drivers), operating systems, hypervisors and browsers.
Here is the list of patches in the order that you should apply them:
- Anti-Virus: Updates from January 12th 2018
- Microsoft: Released second patch as of January 29th 2018 - see Microsoft Security Update
- Intel: Released January 27th 2018 - see Intel
- Arm: Released January 26th - see ARM
- AMD: Covered by Microsoft; the architecture means no specific Meltdown patch is needed - see AMD
- Nvidia: Driver updates for certain chipsets available - see Nvidia
How IntelliGO Helps:
Our Managed Detection and Response (MDR) customers can leverage IntelliGO to discover missing patches and updates and to give their organization an understanding of the exposure. Customers using our EDR service can also detect if this vulnerability is actively being exploited and kill processes or quarantine devices that are affected.
Download a sample of our Prevention Posture Assessment (PPA) report and find out how you can use it to determine if you have been breached or can be breached by malware.