Meltdown and Spectre: everything you need to know

Matthew Flanagan tells you everything you need to know about Meltdown and Spectre attacks – and everyone needs to pay attention!

What are Meltdown and Spectre?

The Meltdown and Spectre attacks exploit a feature of modern CPUs called speculative execution to retrieve sensitive information from memory that belongs to other applications or to the operating system kernel. This information may include passwords, SSL certificate private keys or personally identifiable information.

In order to exploit the vulnerabilities, the attacker must already have local access to the system to run their malicious code. For servers, this would generally require using stolen user credentials or gaining access via other unpatched vulnerabilities. For user endpoint devices, the web browser’s JavaScript engine could also be used to launch the attack if a user visited a site hosting malicious content. Browser vendors are already rolling out various mitigations for this.

With the looming 22 February start date for the Mandatory Data Breach Notifications scheme, this is yet another reminder of the importance of having a breach response process in place.

Am I more at risk if I use cloud services such as Amazon, Azure or RedSky?

The attacks may allow for a malicious guest virtual machine running on a shared hypervisor to access sensitive data in another guest virtual machine, belonging to another tenant.

The top tier cloud providers have already patched their hypervisors. CSA’s RedSky environment was patched back in November 2017 as part of our regular patch management schedule.

Guest virtual machines will still require their own operating-system-specific patches to be applied for full protection.

What do I need to do?

To be covered for this and other security vulnerabilities, your organisation should ensure that it has robust, automated patch management processes and systems in place that apply security updates in a timely manner. As always, stay patched, stay current!

For the Meltdown and Spectre attacks, the mitigations are specific to each operating system vendor and platform. CPUs from Intel, AMD and ARM are vulnerable, as are the Android, Linux, Apple iOS and macOS, and Windows operating systems, so you need to pay attention to the instructions relevant to your environment. It’s important that you have a full backup of your systems and data prior to any patching.

For customers running supported Microsoft Windows operating systems, you need to:

  • Verify that you are running a supported antivirus application before you install operating system or firmware updates.
  • Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  • Apply the applicable firmware update that is provided by the device manufacturer.

In some cases, manual actions may be required to activate the protections once the patches are applied.
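The following PowerShell script is an added illustration of how to verify the three Windows steps above from the defender’s side; it is not part of the original article and not a CSA tool. It assumes an elevated PowerShell session, reachability of the PowerShell Gallery to install Microsoft’s SpeculationControl module, and that you replace the placeholder KB identifiers with the January 2018 security update numbers for your Windows build. The registry value and the module’s property names are the ones Microsoft published for these updates; confirm them against Microsoft’s current guidance before relying on the output.

```powershell
# Added example (not from the original article): read-only verification of the
# Windows Meltdown/Spectre patching steps. Run from an elevated PowerShell session.

# --- Step 1: supported antivirus -------------------------------------------
# The January 2018 updates were only offered to machines whose antivirus vendor
# set this compatibility value (DWORD 0). Its absence is the usual reason the
# update "never showed up" in Windows Update.
$compatKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$compatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$avCompat   = $false
if (Test-Path $compatKey) {
    $item = Get-ItemProperty -Path $compatKey -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.PSObject.Properties[$compatName]) {
        $avCompat = ($item.$compatName -eq 0)
    }
}

# --- Step 2: operating system updates --------------------------------------
# PLACEHOLDER: replace with the KB numbers for your build from Microsoft's
# January 2018 security update list (they differ per Windows version).
$expectedKbs = @('KB-PLACEHOLDER-1', 'KB-PLACEHOLDER-2')
$installed   = Get-HotFix | Select-Object -ExpandProperty HotFixID
$missingKbs  = @($expectedKbs | Where-Object { $_ -notin $installed })

# --- Step 3: firmware (microcode) and activation state ---------------------
# Microsoft's SpeculationControl module queries the kernel for whether the
# hardware (microcode) support is present and whether the OS mitigations are
# enabled. "Support present but not enabled" is the case the article refers
# to where manual activation is still required (Windows Server defaults).
if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
    Install-Module -Name SpeculationControl -Scope CurrentUser -Force
}
Import-Module SpeculationControl
$status = Get-SpeculationControlSettings -Quiet

$report = [PSCustomObject]@{
    AntivirusCompatFlagSet      = $avCompat
    MissingUpdates              = ($missingKbs -join ', ')
    # Spectre variant 2 (branch target injection) needs both microcode and OS support
    SpectreV2_FirmwarePresent   = $status.BTIHardwarePresent
    SpectreV2_OSSupportPresent  = $status.BTIWindowsSupportPresent
    SpectreV2_OSSupportEnabled  = $status.BTIWindowsSupportEnabled
    # Meltdown (rogue data cache load) is mitigated by kernel VA shadowing
    MeltdownMitigationRequired  = $status.KVAShadowRequired
    MeltdownOSSupportPresent    = $status.KVAShadowWindowsSupportPresent
    MeltdownOSSupportEnabled    = $status.KVAShadowWindowsSupportEnabled
}

# Summarise what still needs doing, one line per outstanding step.
$actions = @()
if (-not $report.AntivirusCompatFlagSet)                       { $actions += 'Antivirus has not set the compatibility flag; check vendor support.' }
if ($missingKbs.Count -gt 0)                                   { $actions += "Install missing updates: $($report.MissingUpdates)" }
if (-not $report.SpectreV2_FirmwarePresent)                    { $actions += 'Apply the manufacturer firmware (microcode) update.' }
if ($report.SpectreV2_OSSupportPresent -and -not $report.SpectreV2_OSSupportEnabled) { $actions += 'Spectre v2 OS mitigation present but not enabled; follow Microsoft activation guidance.' }
if ($report.MeltdownMitigationRequired -and -not $report.MeltdownOSSupportEnabled)   { $actions += 'Meltdown OS mitigation not enabled; follow Microsoft activation guidance.' }

$report | Format-List
if ($actions.Count -eq 0) { 'All three steps verified on this host.' } else { $actions }
```

Run it per host, or wrap it in Invoke-Command across a server fleet, and keep the output with your change records: a host that reports the firmware as absent is the one still waiting on the manufacturer’s BIOS/UEFI update, while one that reports support present but not enabled is the case where the post-patch manual activation step still applies.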

In future, chip manufacturers may release new CPUs that directly address these vulnerabilities. Customers should keep this in mind when considering a hardware refresh.

What are the performance impacts?

It has been reported that the patches for the Meltdown attack can impact the performance of a system by 5-30% depending on the type of workload. It’s important for you to consider security versus performance in your assessment – and that is something that we can help you with.


How can CSA help?

For assistance in assessing your organisation’s particular environment, contact us using the form below. We can help you to:

  • Develop a mitigation plan to address Meltdown/Spectre,
  • Put in place patch management processes and systems to address future security vulnerabilities; or
  • Take care of the above for you as an ongoing managed service, having industry-leading security specialists proactively managing your environment and giving you peace of mind.


About the Authors

Matthew Flanagan is Platform Lead – Network and Security at CSA. Matt has over 20 years’ industry experience in a wide range of technologies focused on Internet and enterprise infrastructures. He specialises in Internet infrastructures, UNIX, security, and network architecture and design. Matthew is a Member of the GIAC Advisory Board and holds the GIAC GXPN Certification for Exploit Research and Advanced Penetration Testing.