SECURITY ADVISORY FOR MELTDOWN & SPECTRE VULNERABILITIES

By -


! SECURITY ADVISORY FOR MELTDOWN & SPECTRE VULNERABILITIES

All machines every Intel processor which implements out-of-order execution is potentially affected by Meltdown vulnerability and all modern processors (Intel, AMD, and ARM processors) capable of keeping many instructions in flight are potentially vulnerable to the Spectre vulnerability.
High level description:
MELTDOWN

The bug basically melts security boundaries which are normally enforced by the hardware. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. The attack is independent of the operating system, and it does not rely on any software vulnerabilities.

SPECTRE
The name is based on the root cause, speculative execution. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.
Detailed Description:

Questions
MELTDOWN
SPECTRE

Differences
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory
Spectre tricks other applications into accessing arbitrary locations in their memory

Why is it called

The bug basically melts security boundaries which are normally enforced by the hardware.
The name is based on the root cause, speculative execution.
CVE
CVE-2017-5754
CVE-2017-5753 and CVE-2017-5715

Which systems are affected
Every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013).
All modern processors capable of keeping many instructions in flight are potentially vulnerable
Verified on the following
Intel processors
Intel, AMD, and ARM processors


Cloud Providers affected

Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ are affected.
NA
  
Criticality: VERY HIGH!

Systems affected:
·         Intel processors
·         AMD, and ARM processors

Note: Desktops, Laptops, Cloud Servers and Smartphones running the above-mentioned processors

Potential Impact:

MELTDOWN
ü  passwords, encryption keys, logins, credit card information can be stolen.

SPECTRE
ü  Memory of a (vulnerable) application can be read and password, logins, credit card information and any confidential data (bank A/C Number, Credit/Debit card numbers) can be accessed.

Recommendation for Network and IT Team:

v  Only Windows 10 Updates are from 04/01/2018
(ref: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892)
v  Check your PC OEM website for support information and firmware updates and apply any immediately. 
v  Users and admins who are comfortable editing Registry keys themselves can manually perform the task by setting the following:
Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”
Ref: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
v  Current remediation is not available for Google Chrome an Update for Chrome is scheduled on January 23rd by Google or Firefox 57 if you use either browser.
  • Symantec has reported that updating the ERASER engine to 117.3.0 and applying Microsoft Update KB4056892 is causing system tray issues at the moment and Symantec is working on a solution to resolve the issue.

Ref: https://support.symantec.com/en_US/article.TECH248552.html
Note: Updates for other windows OS will be available soon.
References:

Ø  https://security-center.intel.com/advisories.aspx
Ø  https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
Ø  https://blog.qualys.com/securitylabs/2018/01/03/processor-vulnerabilities-meltdown-and-spectre
Ø  https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
Ø  https://developer.arm.com/support/security-update
Ø  https://www.amd.com/en/corporate/speculative-execution
Ø  https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
Ø  https://access.redhat.com/security/vulnerabilities/speculativeexecution
Ø  https://security-tracker.debian.org/tracker/CVE-2017-5754
Ø  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Ø  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Meltdown in Action:
Ø  https://youtu.be/bReA1dvGJ6Y
Ø  https://www.youtube.com/watch?v=RbHbFkh6eeE

Comments

Post a Comment

Popular posts from this blog

Payment Gateway Security Testing Checklist

By -
Below given are some of the possible testing scenarios, which may prove to be useful in performing payment gateway testing. Whether all the types of payment options available through the payment gateway are selectable or not.  Whether each payment option is showing its specification and requirements after being selected by the user.What happens, after the failure of the payment process or if the session ends.  To check, if the payment gateway is allowing to enter data in the blank fields of the card number, card name, expiry date and CVV number.  To examine, how the payment gateway system behaves or responds, after leaving one or more fields, blank such as leaving CVV number field, blank, etc.  Whether the user is being redirected to the application page, after the successful completion of the payment process.  Applying language change, during the payment process. Checking successful integration of
Read more

Network Security VAPT Checklist

By -
Network Security VAPT Checklist Lets talk about the scope first. If you are given a 500 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc. Any single FTP software version (for example pureftpd 1.3.3a) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest. Ø   Identify live hosts ·          Ping ·          Hping ·          Nmap Ø   Identify OS type ·
Read more

How to dump Database using Sqlmap

By -
Image
Database Dump using SQLMap Find out the parameter of application that is vulnerable to SQL injection . Vulnerable Parameter  : “User ID” Enter ‘ and then click on Submit button. will get the SQL Error. Now Intercept the Request in burp. Copy the incepted request and save it in sqlmap installed directory. Open CMD and go to the directory where SQL map is installed (C:/sqlmap) and type sqlmap.py –r sqlinjection (filename) –-dbs and then enter. (dbs is used for dump database name). Then type Y and enter. Type N and enter, it display all the database . Now we have to find out the table in database. Type sqlmap.py –r sqlinjection –D dvwa(database name) –tables.     In the above snap we got the table name in dvwa database. Then we have find out the column name. type sqlmap.py –r sqlinjection –d dvwa –T users –column. Now we are going to dump the userid and password from column. Type sqlmap.py –r sqlinje
Read more