Following the building cadence of historic and systematic cybersecurity threats over the last few years, 2018 started off with announcements of critical vulnerabilities that affect machines with Intel, AMD and ARM processors. These include servers, desktop PCs, laptops, mobile devices and cloud implementations (i.e., virtual machines). The vulnerabilities are known as “Meltdown” (CVE-2017-575) and “Spectre” (CVE-2017-5753 and CVE-2017-5715).
The Threat:
Exploiting these vulnerabilities will allow an attacker to access kernel memory, giving them access to confidential information such as passwords. This data can be used as a stepping stone for more intrusive attacks, potentially allowing the attacker to gain full control of the device. Since the exploits will run with no traceable elements, the attack will be virtually undetectable.
While the vulnerabilities are pressing and require prioritized attention, exploiting Meltdown and Spectre requires local access to the machine and the ability to execute crafted code on the affected device. Even where the underlying CPU and OS combination in a product is affected by these vulnerabilities, most security appliances are hardened, which makes those devices more difficult to exploit. The most susceptible are user endpoint devices.
Recommendations:
As with most vulnerabilities, Align advises that proper patching processes are the best defense against Meltdown and Spectre.
Patching should be prioritized for endpoints, IoT devices and mobile devices as they are most likely to be targeted and compromised.
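One way to confirm that patching has taken effect on a Linux endpoint, as an added example that is not part of the original advisory: it reads the kernel's own mitigation status for Meltdown and Spectre and lists what still needs attention. It assumes a Linux host whose kernel exposes the sysfs `vulnerabilities` directory; the function names are illustrative.

```python
import os
import tempfile

# Linux sysfs directory reporting mitigation state (assumes a Linux host
# with a kernel that exposes it; the page names no operating system).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
CHECKS = {"meltdown": "Meltdown", "spectre_v1": "Spectre v1", "spectre_v2": "Spectre v2"}


def classify(raw):
    """Map the kernel's status string to mitigated / vulnerable / unknown."""
    text = raw.strip()
    if text == "Not affected" or text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def mitigation_report(sysfs_dir=SYSFS_DIR):
    """Return {issue: (state, raw kernel string)} for one host."""
    report = {}
    for fname, label in CHECKS.items():
        try:
            with open(os.path.join(sysfs_dir, fname)) as fh:
                raw = fh.read().strip()
            report[label] = (classify(raw), raw)
        except OSError:
            # No status file: the kernel predates this reporting interface,
            # so the host cannot be confirmed patched.
            report[label] = ("unknown", "status file not present")
    return report


def needs_patching(report):
    """Issues not confirmed mitigated, sorted, for a patch-priority queue."""
    return sorted(k for k, (state, _) in report.items() if state != "mitigated")


if __name__ == "__main__":
    # Constructed sample: Meltdown mitigated, Spectre v2 not, v1 file absent.
    sample = tempfile.mkdtemp()
    for fname, text in {"meltdown": "Mitigation: PTI", "spectre_v2": "Vulnerable"}.items():
        with open(os.path.join(sample, fname), "w") as fh:
            fh.write(text + "\n")
    report = mitigation_report(sample)
    for name, (state, raw) in report.items():
        print(f"{name}: {state} ({raw})")
    print("needs patching:", needs_patching(report))
```

Calling `mitigation_report()` with no argument reads the live host. A missing status file is treated as unconfirmed rather than safe, so unpatched older kernels stay in the patch queue.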