A non-technical explanation and actionable remedial recommendations.
Continuing the rising cadence of widespread, systematic cybersecurity threats over the last few years, 2018 opened with announcements of critical vulnerabilities affecting machines with Intel, AMD and ARM processors. These include servers, desktop PCs, laptops, mobile devices and cloud implementations (i.e., virtual machines). The vulnerabilities are known as “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715).
Exploiting these vulnerabilities allows an attacker to read kernel memory, giving them access to confidential information such as passwords. This data can serve as a stepping stone for more intrusive attacks, potentially giving the attacker full control of the device. Because the exploits leave no traceable elements, the attack is virtually undetectable.
While the vulnerabilities are pressing and require prioritized attention, exploiting Meltdown and Spectre requires local access to the machine and the ability to execute crafted code on the affected device. Although the underlying CPU and OS combination in a product may be affected, most security appliances are hardened, making those devices more difficult to exploit. The most susceptible are user endpoint devices.
As with most vulnerabilities, Align advises that proper patching processes are the best defense against Meltdown and Spectre.
- Apply operating system patches as they become available (Microsoft, Linux and Mac OS).
- Some antivirus products have known compatibility issues with the Microsoft patch: https://support.microsoft.com/en-gb/help/4072699/important-information-regarding-the-windows-security-updates-released. Check with your endpoint protection vendors on the proper procedure for applying the Microsoft updates.
- Some older generations of processors (over 3 years old) may experience performance degradation after applying the patches.
- Patching should be prioritized for endpoints, IoT devices and mobile devices, as they are the most likely to be targeted and compromised.
- While common cloud platforms such as Azure, AWS and Google Cloud Platform have been working with OS providers to patch the underlying cloud infrastructure, users still need to patch machines that they are responsible for in the cloud.
- Intel has stated that it will release firmware updates soon. These will be distributed by your endpoint vendor (e.g. Lenovo, Dell, HP, etc.), so reach out to your endpoint manufacturer for firmware updates.
- Mozilla Firefox has released a fix in Firefox version 57 and up. Google Chrome will be releasing an update on January 23. In the meantime, Chrome has a feature called site isolation that is disabled by default. Organizations can find the instructions for enabling this feature here: https://support.google.com/chrome/answer/7623121?hl=en
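Applying the Linux patches above is only half the job; administrators also want to confirm that a rebooted host is actually running a kernel with the mitigations. The script below is an added example, not part of the Align advisory. It assumes the sysfs interface that Linux kernels from 4.15 onward (and patched vendor kernels) expose under `/sys/devices/system/cpu/vulnerabilities/`, one file per issue (`meltdown`, `spectre_v1`, `spectre_v2`) whose content reads "Not affected", "Vulnerable…" or "Mitigation: …". The directory is a parameter so the parser can also be exercised against a constructed sample tree on any machine; the sample status strings are constructed to mimic real kernel output.

```shell
#!/bin/sh
# Added example (not Align's code): report Meltdown/Spectre mitigation status
# on a Linux host by reading the kernel's sysfs vulnerability files.

# Classify one status line as written by the kernel into a short verdict.
# Assumed vocabulary: "Not affected", "Vulnerable", "Vulnerable: ...", "Mitigation: ...".
classify_status() {
    case "$1" in
        "Not affected")  echo "ok" ;;
        Mitigation:*)    echo "mitigated" ;;
        Vulnerable*)     echo "VULNERABLE" ;;
        *)               echo "unknown" ;;
    esac
}

# Print "<issue> <verdict> <raw status>" for each known file in the directory.
# Exit status: 1 if any issue is still vulnerable, 2 if the directory is
# missing (kernel predates the reporting interface, so it is unpatched), 0 otherwise.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel predates mitigation reporting, treat as unpatched"
        return 2
    fi
    rc=0
    for f in "$dir"/meltdown "$dir"/spectre_v1 "$dir"/spectre_v2; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        printf '%-12s %-10s %s\n' "$(basename "$f")" "$verdict" "$status"
        [ "$verdict" = "VULNERABLE" ] && rc=1
    done
    return $rc
}

# Build a constructed sample tree so the checker can be run without root or a
# specific kernel. spectre_v2 is deliberately left unmitigated to show the
# non-zero exit status a deployment script would act on.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Live check of this host; a status of 1 means at least one issue is unmitigated.
check_cpu_vulns || echo "check_cpu_vulns exit status: $?"
```

Run it after every kernel update and reboot; a fleet management tool can collect the exit status to flag hosts that booted into an old kernel or whose vendor kernel was built without the mitigations.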
For additional information or questions please reach out to our Service Desk via phone +1 800-877-9980 or email firstname.lastname@example.org.