Every once in a while, there are days those of us in IT know will require extra cups of coffee to get through. The past few days have been among them, as revelations about critical vulnerabilities in microprocessors from Intel, ARM and AMD have caused quite a stir.
Dubbed Spectre and Meltdown, these vulnerabilities could potentially allow attackers to access sensitive data in protected memory by circumventing security controls.
Now for some good news: Microsoft released patches earlier this week to plug Meltdown and certain use cases of Spectre for many of their supported operating systems, but other Windows systems will need to wait until Patch Tuesday.
Now is not the time to panic. Now is the time to start building your strategy for addressing this problem. That is complicated by the fact that this story has taken many twists and turns over the last 48 hours, which makes it hard for an IT shop to build the deliberate plan needed to address these three CVEs (Meltdown: CVE-2017-5754; Spectre: CVE-2017-5753 and CVE-2017-5715).
At its core, Meltdown is a vulnerability in Intel microprocessors that permits unauthorized access to memory. The issue impacts virtually all Intel microprocessors going back to 1995. To put it mildly – the impact is far-reaching, touching everyone from cloud providers using Intel CPUs to ordinary desktop users. In particular, because cloud providers allow users to share the same physical servers, the prospect of a vulnerability that allows attackers to access privileged memory – and therefore sensitive customer data – is more than enough to raise eyebrows.
The industry has been hard at work to provide updates to keep you safe. Operating system vendors, such as Red Hat and Microsoft, have already issued patches to address Meltdown, and some of the major cloud providers, including Amazon, Microsoft and Google, have already begun protecting their customers as well. So far, Armor has not seen any evidence of exploitation. However, our researchers remain on guard for any indications of attacks.
What to Do
Fortunately, there are many steps organizations can take to protect themselves.
- Inventory your network to look for vulnerable systems
- Monitor vendor sites for patch availability for your installed operating systems (Note that many antivirus programs are preventing the installation of these patches. Check with your antivirus vendor for instructions if you experience installation issues.)
- Test and apply patches when available
- Scan patched systems after patch completion to confirm the patches were applied
- Adhere to current security best practices
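For the inventory and post-patch confirmation steps on Linux hosts, the kernel's own mitigation report can be checked per CVE. The script below is an added example, not Armor's tooling; it assumes the kernel exposes `/sys/devices/system/cpu/vulnerabilities` (mainline 4.15 and later, plus vendor backports), and the function names `classify_status` and `check_host` are hypothetical.

```shell
#!/bin/sh
# Map one sysfs status line to a coarse state.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Report the three CVEs named in the article.
# $1 = directory to read (defaults to the live sysfs path).
# Returns non-zero if any entry is vulnerable or cannot be determined.
check_host() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in "meltdown:CVE-2017-5754" \
                "spectre_v1:CVE-2017-5753" \
                "spectre_v2:CVE-2017-5715"; do
        entry="${pair%%:*}"
        cve="${pair#*:}"
        if [ -r "$dir/$entry" ]; then
            raw=$(cat "$dir/$entry")
            state=$(classify_status "$raw")
        else
            # A missing file means the kernel predates the reporting
            # interface, which is itself a sign the host is unpatched.
            raw="(no sysfs entry)"
            state="unknown"
        fi
        printf '%s %s %s: %s\n' "$cve" "$entry" "$state" "$raw"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample values (not output from a real host) so the
# script runs anywhere; call check_host with no argument on a real system.
sample=$(mktemp -d)
echo "Mitigation: PTI" > "$sample/meltdown"
echo "Mitigation: __user pointer sanitization" > "$sample/spectre_v1"
echo "Vulnerable" > "$sample/spectre_v2"
check_host "$sample" || echo "=> host needs attention"
rm -rf "$sample"
```

The non-zero return code makes the check easy to run across an inventory and collect only the hosts that still need work.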
Be wary of any vendors claiming to address security risks tied to this newly announced vulnerability.
Late breaking yesterday afternoon, Intel announced they have a firmware fix that will address both the Meltdown and Spectre problems. I would not stop your deliberate planning to patch your environment, as this information is still sketchy. The firmware update will have to go to the hardware vendors, who will need time to test it on their products before releasing it to their customer base. This could take days, weeks, or months, depending on the vendor.
As always, Armor will keep you posted as more information about the vulnerabilities becomes available.
For more technical details on the Meltdown vulnerability, read our Meltdown Response Kit.
For information on the Spectre vulnerability, read our Spectre Response Kit.