Meltdown and Spectre Vulnerability Information


On January 2, 2018, a major vulnerability was disclosed that impacts nearly all end-user and server technology in use today. This notice is meant to urge you to pay special attention to systems that are impacted, as many will require out-of-cycle intervention. If you are running systems that are highly secure and they have not been patched, consider an immediate removal from production until the vulnerabilities can be resolved and systems cleared.

This post is not meant to be a comprehensive aggregation of information. You can find several reference links at the bottom with more up-to-date information. Several updates will be made to this article in the coming days for specific information around our primary technology partners.

What You Should Do

First of all, don’t panic. Responsibly react and respond. Stay informed and dig into what’s critical to you and get to patching. We’re talking device firmware, operating system software and application software. Again, don’t sit and wait. Admins must intervene to protect your digital assets.

Vulnerability Summary

Microprocessor side-channel attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754), also known as Meltdown and Spectre, affect many modern microprocessors. Processors have a separate kernel memory area that is meant to be protected. Methods have been found that permit user programs to access the contents of these protected memory areas. The kernel is the core of the operating system; it has full control over everything in the system and must remain protected.

Impact

Meltdown affects all Intel processor technology since 1995, excluding Itanium and Atom (pre 2013). The Spectre vulnerability is much broader and impacts most modern CPU architectures, including AMD and ARM (mobile technology). Vendors have known about the vulnerabilities and have been working on them for some time.

But the nature of the vulnerability will require physical chip replacements, or at least OS- and application-level software patches, to protect against it. Patches to operating systems will guarantee the flushing of memory space and maintain security, but they come at the cost of expensive context-switching overhead. This overhead will result in a measurable slowdown on most systems.

You can find more information on the overall impact here

Antivirus Software Special Note on Microsoft Windows

Some antivirus software vendors were making use of unsupported calls into Windows kernel memory. These calls were causing unexpected system behavior, including stop errors and blue screens. As such, Microsoft added a registry key that must be present before the patches will install. Ensure your antivirus vendor sets this key, or confirm that their product is compatible and set the key manually. Exercise caution when setting this key and with registry changes in general.

  • ESET update information can be found here.
  • Sophos update information can be found here.
  • Find more registry key information here.
  • More information on antivirus vendor tracking from Kevin Beaumont can be found here.

Links to Some Major Supported Vendors' Responses

Virtual or Hosted Platform?

If you’re in a hosted or cloud environment, in addition to fixing the operating systems you manage, check with your provider as soon as possible to ensure they have patched the vulnerabilities. The biggest issues are with the lowest-level operating system code, and the hypervisors are at risk.

Need Help?

The engineers at InterWorks are here to help you navigate through this. Please reach out to your normal contacts and account managers or contact us directly. We are here to assist you!

More About the Author

Daniel Holm

Director of Enterprise Solutions