New Vulnerabilities Disclosed – ‘Meltdown’ and ‘Spectre’

Jan 10, 2018 | Security

What are they and can they affect you?

These are two computer security vulnerabilities that were publicly disclosed on January 3, 2018. Due to technical issues involved with modern processors, each of these vulnerabilities poses a potential risk for theft of sensitive user and system data that had previously been believed to be secure. Both vulnerabilities take advantage of a feature of modern Intel CPUs called Speculative Execution, which allows the processor to speed up branching operations by starting to execute what it thinks is the most likely outcome before the results have returned. In modern Intel processors this technique is beneficial, as it significantly increases execution speed in most workloads. However, Meltdown specifically allows an attacker to exploit Speculative Execution and see the contents of kernel-space memory. Spectre allows programs to execute code they should not be able to, and view data within other user-space programs. Any system that allows arbitrary code to be executed is potentially vulnerable to these types of attacks, including JavaScript executed within your web browser. This is important because nearly all modern web pages utilize JavaScript.

These vulnerabilities also affect hypervisors, the technology used for Virtual Server hosting by large cloud computing providers and by SpireTech’s Virtual Server hosting services.

What are the fixes?

Intel has been working with major vendors over the last year to provide a patch that addresses these vulnerabilities. For most users this means that Windows Update will apply a fix preventing the worst effects, and there will likely be several more refined patches related to this over the coming months. Microsoft has implemented some restrictions on which machines will receive these updates to prevent compatibility issues with antivirus software. SpireTech VIP Support customers enrolled in Sophos Endpoint, Symantec Endpoint, or Kaspersky Endpoint protection and monitoring are compatible and will receive their necessary updates. If you are not a SpireTech VIP Support customer, this list should indicate whether your antivirus is compatible with the update. If your antivirus is not compatible, we advise considering replacing it with one that is. For those systems that are antivirus compatible, please make sure that your antivirus software is up to date so that it will set the appropriate registry flags to indicate the system is ready for the update. One publicized potential side effect of the patches is a decrease in system performance. Intel reports that the average application can experience between 5% and 30% slowdown; however, in practice some specific workloads are reporting a dramatically worse slowdown.
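The registry flag mentioned above can be checked directly on a Windows machine. The following PowerShell is an added example, not part of the original post or a SpireTech tool; the key path, value name and expected data are taken from Microsoft's published January 2018 antivirus-compatibility guidance rather than from this page, and the function name `Get-AvCompatFlag` is hypothetical.

```powershell
# Added example: report whether the antivirus compatibility flag is set locally.
# Key path, value name and expected data (DWORD 0) come from Microsoft's
# January 2018 guidance, not from this page.
function Get-AvCompatFlag {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$Name = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    )
    $result = [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = $false
        ValueKind    = $null
        ValueData    = $null
        Ready        = $false
        Reason       = ''
    }
    # Case 1: the key was never created (antivirus missing, outdated or incompatible).
    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Reason = 'QualityCompat key missing: the flag has not been set'
        return $result
    }
    $result.KeyPresent = $true
    $key = Get-Item -LiteralPath $Path
    # Case 2: the key exists but the compatibility value is not in it.
    if ($key.GetValueNames() -notcontains $Name) {
        $result.Reason = 'Key exists but the compatibility value is absent'
        return $result
    }
    $result.ValueKind = $key.GetValueKind($Name)
    $result.ValueData = $key.GetValue($Name)
    # Case 3: the value exists; compare type and data with the documented form.
    if ($result.ValueKind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value has type $($result.ValueKind); documented type is DWord"
    } elseif ($result.ValueData -ne 0) {
        $result.Reason = "Value data is $($result.ValueData); documented data is 0"
    } else {
        $result.Ready  = $true
        $result.Reason = 'Flag set: system is marked ready for the update'
    }
    return $result
}

Get-AvCompatFlag | Format-List
```

A result with `Ready` set to `False` points to an antivirus product that is missing, out of date, or not compatible with the update.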

What are we doing about it?

Threats as dangerous as these require a careful approach to mitigation. SpireTech is reviewing all VIP support systems to ensure they receive the necessary patches, and implementing an accelerated patch approval and deployment schedule to push the required updates out to all client systems. We will be running reports to identify any systems missing the required patches and remediating them as soon as possible. All of our internal systems, including those we use to host customer Virtual Servers, either have already had or are scheduled to have their OS patched. Additionally, firmware updates will be applied as they become available from our vendors.

As this is a new class of threats, software vendors and hardware manufacturers are still working to provide long-term fixes for these vulnerabilities. This process is likely to go on for several months as new ways to exploit them are found.

Regarding servers hosted in the cloud, this is a good reason to “know your neighbor” and host with a provider like SpireTech, because the likelihood of an anonymous neighbor accessing your data is minimized. Unlike big cloud players, we know and support our clients, and we only host clients we trust.

 

If you have any questions about how this might impact you or your services, please feel free to contact us at 503-222-3086.