
WEI Customer Advisory: The Meltdown and Spectre Vulnerabilities

  David Fafel     Jan 05, 2018

WEI is aware of the new vulnerabilities related to Intel and other CPUs which could potentially allow an attacker to gather privileged information from CPU cache and system memory, putting enterprise security at risk. The vulnerabilities are code named “Meltdown” and “Spectre.” The “Meltdown” issue is reported to affect only Intel CPUs, while “Spectre” is reported to affect Intel, AMD, and ARM. The impact of these vulnerabilities could extend back to CPUs from as early as 1995 (in the case of Intel).

The fixes for Meltdown (so far) are patches (OS and, potentially, firmware) which prevent or limit speculative execution. At a very high level, speculative execution is the CPU's function of guessing what code it will need next and running it in anticipation of a request. In some cases, when the CPU guesses wrong, it doesn’t always put back what it thought it would need—in other words, it doesn’t clean up after itself. That leftover data, which could include passwords, can then be requested by another process because it is effectively just sitting there, waiting to be picked up.

Helpful Links

For more information on the exploits, WEI recommends visiting the following links:


Fixes & Patches

Most fixes will come in the form of OS patches. Microsoft has already released patches for Windows, IE, Edge, and SQL. The Linux kernel was updated to eliminate the Meltdown vulnerability in November. (Linux distros are responsible for releasing their own patches.) Apple released a macOS update in December to address the conditions presented in Meltdown.

That said, it’s very likely hardware manufacturers will release firmware updates as well. As many appliances, controllers, switches, SANs, and other devices run Linux variants and/or Intel and AMD processors, customers should be aware that OEMs may soon be releasing updates for these devices as they assess their product vulnerabilities. WEI has been notified of some firmware updates related to these vulnerabilities (see the HPE link below), and will pass along information to our customers as we receive new notifications. However, we advise all of our customers to work with their OEMs as well, for the latest information on their products.

For more information on recent patches, see the links below. Please note this list is not exhaustive and new updates are being released constantly.


  Operating System Version                         Update KB
  -----------------------------------------------  ---------
  Windows 10 version 1709                          4056892
  Windows Server 2016, Windows 10 version 1607     4056890
  Windows Server 2012 R2 Standard, Windows 8.1     4056898
  Windows Server 2008 R2, Windows 7 SP1            4056897

*Other updates, including application-specific updates, could be available.
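One way to check whether the update from the table above is present on a given Windows host, as an added example that is not part of the WEI advisory. It uses the KB numbers from the table; the mapping from Windows build number to table row is my own assumption, as is the choice of Get-HotFix as the check.

```powershell
# Added example (not from the WEI advisory): report whether the January 2018
# Meltdown/Spectre KB listed in the advisory table for this Windows build is installed.
# The build-number-to-KB mapping below is an assumption made for this example.
$KbByBuild = @{
    '16299' = 'KB4056892'   # Windows 10 version 1709
    '14393' = 'KB4056890'   # Windows 10 version 1607 / Windows Server 2016
    '9600'  = 'KB4056898'   # Windows 8.1 / Windows Server 2012 R2
    '7601'  = 'KB4056897'   # Windows 7 SP1 / Windows Server 2008 R2
}

$os    = Get-CimInstance -ClassName Win32_OperatingSystem
$build = $os.BuildNumber
$kb    = $KbByBuild[$build]

if (-not $kb) {
    Write-Output "Build $build ($($os.Caption)) is not in the advisory table; consult Microsoft/OEM guidance for this version."
    return
}

# Get-HotFix reads the installed-updates list; HotFixID values look like 'KB4056892'.
$installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($installed) {
    Write-Output "$kb is installed on $($os.Caption) (build $build), installed on $($installed.InstalledOn)."
} else {
    Write-Output "$kb is NOT installed on $($os.Caption) (build $build)."
}
```

On Windows 10 a later cumulative update supersedes this KB, so a "NOT installed" result there means only that this specific KB is absent, not that the host is unpatched.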


Performance issues related to patches

At this time, performance issues related to the patches have been estimated at between 5% and 30%. Since the nature of some patches is to prevent or eliminate speculative execution (which had increased performance over non-speculative execution), it is not unreasonable to expect some performance issues. If a particular compute environment is currently running at very high utilization rates for the platform, or if a heavily consolidated or virtualized environment with sharp peak loads experiences a burst, performance degradation could be noticeable.

Unfortunately, the level of performance degradation will depend heavily on the OS type, the patch solution and strategy, and other updates such as firmware or application-specific patches. At this time, WEI can’t speculate on the specific impact to any particular environment.

Important to Note...

WEI is not aware of any clients who have been exploited through these vulnerabilities. It should be noted, too, that OEMs have stated that exploiting these vulnerabilities requires access to the OS kernel, or malware run via JavaScript in a browser. There may be other ways to exploit these vulnerabilities. Therefore, it is recommended that all available patches for operating systems and web browsers be tested and implemented as soon as possible. For example, a FAQ on Intel’s website regarding speculative execution and “side-channel” cache access asks:

Q: Can these new exploits be enabled remotely?

A: No. Any malware using this side channel analysis method must be running locally on the machine. Following good security practices that protect against malware in general will also help to protect against possible exploitation until updates can be applied.

It should also be noted that most patches appear to address “Meltdown” and some of “Spectre” (Spectre has two specific vulnerabilities identified). The prevailing thought about Spectre is that resolving some of this particular vulnerability may require new hardware development and changes.

Even if no patches are available for a particular environment at this time, WEI recommends maintaining good security policies and programs to protect against attacks, intrusions, and exploits, including these potential vulnerabilities.

CONTACT WEI

As a trusted IT provider, WEI will stay engaged on this topic and help ensure optimal enterprise security for each of our clients.

Please reach out to WEI with any questions or concerns about these exploits, patches, and any fixes or other concerns you may have. The WEI team stands ready and committed to help in any way we can.


Written by David Fafel

David Fafel, Chief Architect, leads WEI’s long-term technology vision, and is responsible for spearheading development of complex solutions, architecture, as well as application development. David engages with our clients to drive technology design across datacenter environments, cloud architecture and IT strategy. David holds several technical certifications from HP, Cisco, IBM and other leading technology innovators.
