SECURITY ADVISORY FOR MELTDOWN & SPECTRE VULNERABILITIES
Every machine with an Intel processor that implements out-of-order
execution is potentially affected by the Meltdown vulnerability, and all modern
processors (Intel, AMD, and ARM processors) capable of keeping many
instructions in flight are potentially vulnerable to the Spectre vulnerability.
High level description:
MELTDOWN
The bug basically melts
security boundaries which are normally enforced by the hardware. Meltdown
exploits side effects of out-of-order execution on modern processors to read
arbitrary kernel-memory locations including personal data and passwords. The
attack is independent of the operating system, and it does not rely on any
software vulnerabilities.
SPECTRE
The name is based on the root cause, speculative execution. Spectre
attacks involve inducing a victim to speculatively perform operations that
would not occur during correct program execution and which leak the victim’s
confidential information via a side channel to the adversary.
Detailed Description:
| Questions | MELTDOWN | SPECTRE |
|---|---|---|
| Differences | Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory | Spectre tricks other applications into accessing arbitrary locations in their memory |
| Why is it called | The bug basically melts security boundaries which are normally enforced by the hardware. | The name is based on the root cause, speculative execution. |
| CVE | CVE-2017-5754 | CVE-2017-5753 and CVE-2017-5715 |
| Which systems are affected | Every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). | All modern processors capable of keeping many instructions in flight are potentially vulnerable |
| Verified on the following | Intel processors | Intel, AMD, and ARM processors |
| Cloud Providers affected | Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected. | NA |
Criticality:
VERY HIGH!
Systems affected:
- Intel processors
- AMD, and ARM processors
Note: Desktops, laptops, cloud servers and smartphones running the above-mentioned processors
Potential Impact:
MELTDOWN
- Passwords, encryption keys, logins, credit card information can be stolen.
SPECTRE
- Memory of a (vulnerable) application can be read and passwords, logins, credit card information and any confidential data (bank A/C number, credit/debit card numbers) can be accessed.
Recommendation for Network and IT Team:
- Only Windows 10 updates are available, from 04/01/2018.
- Check your PC OEM website for support information and firmware updates and apply any immediately.
- Users and admins who are comfortable editing Registry keys themselves can manually perform the task by setting the following:
  Key="HKEY_LOCAL_MACHINE"
  Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
  Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  Type="REG_DWORD"
  Data="0x00000000"
- Current remediation is not available for Google Chrome (an update for Chrome is scheduled by Google for January 23rd) or Firefox 57, if you use either browser.
- Windows Antivirus patch compatibility: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true
- Symantec has reported that updating the ERASER engine to 117.3.0 and applying Microsoft Update KB4056892 is causing system tray issues at the moment and Symantec is working on a solution to resolve the issue.
Note: Updates for other Windows OS will be available soon.
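The registry setting from the recommendations above, as an added PowerShell example that is not part of the original advisory: it reports whether the QualityCompat value is present with the expected type and data, and writes it only when run with `-Apply`. The `-Apply` switch and the function name `Get-QualityCompatState` are names chosen for this example.

```powershell
# Added example: audit, and optionally set, the QualityCompat value
# listed in the advisory. Run without arguments to audit only.
[CmdletBinding()]
param([switch]$Apply)   # -Apply is a hypothetical switch for this example

$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$Name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$Want = 0   # REG_DWORD 0x00000000

# Compatible antivirus products normally set this value themselves; check the
# antivirus compatibility list linked above before applying it by hand.

function Get-QualityCompatState {
    # Returns one of: KeyMissing, ValueMissing, WrongType, WrongData, Compliant
    if (-not (Test-Path -LiteralPath $Path)) { return 'KeyMissing' }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) { return 'ValueMissing' }
    if ($key.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return 'WrongType'
    }
    if ($key.GetValue($Name) -ne $Want) { return 'WrongData' }
    return 'Compliant'
}

$state = Get-QualityCompatState
Write-Output ('QualityCompat state on {0}: {1}' -f $env:COMPUTERNAME, $state)

if ($state -ne 'Compliant' -and $Apply) {
    # Writing under HKLM requires an elevated session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run from an elevated PowerShell session.' }

    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    # -Force replaces an existing value that has the wrong type or data.
    New-ItemProperty -LiteralPath $Path -Name $Name -PropertyType DWord `
        -Value $Want -Force | Out-Null
    Write-Output ('After change: {0}' -f (Get-QualityCompatState))
}
```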