Provista advice on Meltdown and Spectre Vulnerabilities
As you are probably already aware, there is a design flaw that exists in modern CPUs that may lead to information disclosure.
These vulnerabilities have been identified as Spectre and Meltdown (CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754).
What is Meltdown / Spectre?
‘Meltdown’ and ‘Spectre’ are two related side-channel attacks against modern CPU microprocessors that can result in unprivileged code reading data that it should not be able to read. Most devices, from desktops, laptops and smartphones to hardware in data centers, could be vulnerable to some extent.
What are the vulnerabilities?
Processors in most devices employ a range of techniques used to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused in order to obtain information about areas of memory that are not normally visible to an attacker. This could include secret keys or other personal/sensitive data.
What is the impact?
In the worst case, code running on a device can access areas of memory it does not have permission to access. This can result in compromise of sensitive data, including secret keys and passwords as mentioned above.
The major cloud service providers are installing fixes on their own platforms. However, in a virtualized environment, fixes are required for both the hypervisor and guest virtual machines. Therefore, when using Infrastructure as a Service (IaaS), you will need to update the operating systems of any virtual machines and container base images that you manage.
Data Centers / Servers
Operating systems and hypervisors need patches, as does the firmware of the physical machines you are running. The major equipment manufacturers (OEMs) are producing patches and it is recommended that you obtain these directly from the OEM.
End User devices
Operating system vendors have produced or are currently working on patches which mitigate these issues, though some parts of the patches need to be installed via the equipment manufacturer (OEM) as they contain platform-specific elements. This means that it’s not sufficient just to update the operating system – you will need to check that the underlying firmware is also up to date.
Provista has recommended that customers patch their devices and applications as soon as updates become available. We also recommend that home users enable automatic updates so that future security measures are installed automatically for you. The major operating system vendors have produced patches which mitigate these issues. You are recommended to install these as soon as possible.
As well as updating your operating system (e.g. Cisco, Windows, Apple) you may need to apply patches specific to your devices. Details of the patches are typically available on the manufacturer’s website. Applications such as web browsers and office productivity software may also need patching. Major vendors are starting to make these available.
Windows users should note that you may need to update antivirus products before you can successfully install the Windows update that addresses these vulnerabilities. Microsoft’s information about antivirus products affecting application of the Windows update can be seen here and in the table below.
|Vendor|Link to advice material|
|---|---|
|VMware|Customer advice / Additional information|
|Extreme Networks|Meltdown advice / Spectre advice|
|Microsoft|Customer advice / Antivirus advice|
|Intel|Customer advice / Summary|
|Other sources|General guidance|
Additional Cisco Note: Cisco Talos have released IPS rules to detect attacks targeting these vulnerabilities. They are identified with GID 1, Snort IDs 45357 through 45368.
We recommend that customers with a Cisco IPS / FireSIGHT solution ensure the above Snort rules (45357 – 45368) are active on their IPS / FireSIGHT system and are all set to alert and drop traffic matching these Snort IDs.
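One way to audit the recommendation above when the sensor's rules are available as Snort text-rule lines (an added example, not Provista's or Cisco's tooling). The sample rule bodies are constructed placeholders, not real Talos rule content, and the state names are this example's own.

```python
import re

# SIDs named in the advisory: GID 1, Snort IDs 45357 through 45368.
REQUIRED_SIDS = range(45357, 45369)

# One Snort text rule per line; a leading '#' means the rule is disabled.
RULE_RE = re.compile(
    r'^\s*(?P<off>#\s*)?(?P<action>alert|drop|sdrop|reject|pass|log)\b'
    r'.*?\((?P<opts>.*)\)\s*$')

# Higher rank wins when a SID appears more than once (enabled beats disabled).
RANK = {'missing': 0, 'disabled': 1, 'other-action': 2, 'alert-only': 3, 'ok': 4}

def audit_rules(text):
    """Return {sid: state} for every SID the advisory lists."""
    state = {sid: 'missing' for sid in REQUIRED_SIDS}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        sid = re.search(r'\bsid\s*:\s*(\d+)\s*;', m['opts'])
        gid = re.search(r'\bgid\s*:\s*(\d+)\s*;', m['opts'])
        if not sid or int(sid[1]) not in state:
            continue
        if gid and int(gid[1]) != 1:      # text rules default to GID 1
            continue
        if m['off']:
            found = 'disabled'
        else:                             # 'drop' blocks and logs; 'alert' only logs
            found = {'drop': 'ok', 'alert': 'alert-only'}.get(m['action'], 'other-action')
        if RANK[found] > RANK[state[int(sid[1])]]:
            state[int(sid[1])] = found
    return state

def non_compliant(text):
    """SIDs that are not both enabled and set to drop."""
    return sorted(s for s, st in audit_rules(text).items() if st != 'ok')

# Constructed sample input (placeholder rule bodies).
SAMPLE = """\
# Constructed sample, not real Talos rule content.
drop tcp any any -> any any (msg:"placeholder A"; sid:45357; rev:1;)
alert tcp any any -> any any (msg:"placeholder B"; sid:45358; rev:1;)
# alert tcp any any -> any any (msg:"placeholder C"; sid:45359; rev:1;)
drop tcp any any -> any any (msg:"unrelated"; gid:1; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    for sid, st in audit_rules(SAMPLE).items():
        print(sid, st)
```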
If you have any specific concerns that you would like to discuss further, please get in contact with our Security Team or use the contact details below.