Despite all forecasts in cyber security for 2018., nobody could forseen that this year is going to start with one of the biggest security oversights ever. Recently all leading security vendors started rolling out patches addressing design flaws in processor chips that security researchers named Meltdown and Spectre.
Vulnerabilities mentioned above are targeting specific computers' processors, in a way that they abuse optimizational techniques of data processing.
Modern processors are designed to perform “speculative execution.” This means it can “speculate” the functions that are expected to run, and by queuing these speculations in advance, they can process data more efficiently and execute applications/software faster. It’s an industry technique used to optimize processor performance. However, this technique permits access to normally isolated data, possibly allowing an attacker to send an exploit that can access the data.
EMC is providing you more information about these vulnerabilities, and ways to address them properly.
Meltdown, designated as CVE-2017-5754, can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS). Meltdown affects Intel processors.
Spectre, designated as CVE-2017-5753 and CVE-2017-5715, can allow attackers to steal information leaked in the kernel/cached files or data stored in the memory of running programs, such as credentials (passwords, login keys, etc.). Spectre reportedly affects processors from Intel, Advanced Micro Devices (AMD), and Advanced RISC Machine (ARM).
While Meltdown is related to the way privileges can be escalated, and Spectre entails access to sensitive data that may be stored on the application’s memory space, impact is very powerful.
Desktops, laptops, and smartphones running on vulnerable processors can be exposed to unauthorized access and information theft. Cloud-computing, virtual environments, multiuser servers—also used in data centers and enterprise environments—running these processors are also impacted.
Intel and Google reported they have not yet seen attacks actively exploiting these vulnerabilities so far. After vulnerabilities are discovered, all leading software vendors are constantly working to make patches to protect their users.
Microsoft has already made certain patches and proposals for protecting Windows 10 computers from this vulnerability, but first, it is neccessary to check compatibility of new update with installed antivirus program, and add new registration key following the published manual so the patch would be available in case of automatic updating.
Google has also published security patch Android which covers updates that can limit exploits additionally, which can be used by Meltdown and Specter. Apple's MacOS is fixed in version 10.13.2, while the 64-bit ARM kernels are also updated.
VMware has also published its own recommendations.
Mozilla, whose team confirmed there were vulnerabilities on this web browser, fixed the problem with Firefox 57.
Many security vendors are also trying to protect their users from potential exploits who could use these vulnerabilities, but also be compatible with constant updates of operating systems with the most recent security patches.
Trend Micro, as one of the leading security vendors, detects the proof-of-concept exploits targeting Spectre (CVE-2017-5753) as TROJ64_CVE20175753.POC. Trend Micro TippingPoint customers are protected from threats that may exploit the vulnerabilities via these MainlineDV filters: 30191. Also, Trend Micro security solutions are compatible with the most recent security updates of Windows operating systems.
EMC team, with 10-years long experience of IT infrastructure is on your disposal for any additional information and advices for protecting your organization from potential attacks, so feel free to contact us any time!