On January 2, 2018 a major vulnerability was disclosed that impacts nearly all end user and server technology in use today. This notice is meant to urge you to pay special attention to impacted systems, as many will require out-of-cycle intervention. If you are running highly secure systems that have not been patched, consider removing them from production immediately until the vulnerabilities are resolved and the systems are cleared.
This post is not meant to be a comprehensive aggregation of information. You can find several reference links at the bottom with more up-to-date information. Several updates will be made to this article in the coming days for specific information around our primary technology partners.
What You Should Do
First of all, don’t panic. React and respond responsibly. Stay informed, dig into what’s critical to you and get to patching. We’re talking device firmware, operating system software and application software. Again, don’t sit and wait. Admins must intervene to protect your digital assets.
Vulnerability Summary
Microprocessor side-channel attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754), also known as Meltdown and Spectre, affect many modern microprocessors. Processors maintain a separate kernel memory area that is meant to be protected. Methods have been found that permit user programs to read the contents of this protected memory. The kernel is the core of the operating system, with full control over everything in the system, and it must remain protected.
Impact
Meltdown affects all Intel processor technology since 1995, excluding Itanium and Atom (pre-2013). Spectre is much broader and impacts most modern CPU architectures, including AMD and ARM (mobile technology). Vendors have known about these vulnerabilities and have been working on them for some time.
The nature of the vulnerability means protection will require physical chip replacements or, at minimum, OS and application-level software patches. Operating system patches maintain security by guaranteeing that memory space is flushed, but they come at the cost of significant context-switching overhead. This overhead will result in a measurable slowdown on most systems.
You can find more information on the overall impact here.
Antivirus Software Special Note on Microsoft Windows
Some antivirus software vendors were making unsupported calls into Windows kernel memory. These calls were causing unexpected system behavior, including stop errors and blue screens. As a result, Microsoft added a registry key that must be present before the patches will install. Ensure your antivirus vendor sets this key, or confirm that the product is compatible and set the key manually. Exercise caution when setting this key and with registry changes in general.
- ESET update information can be found here.
- Sophos update information can be found here.
- Find more registry key information here.
- More information on antivirus vendor tracking from Kevin Beaumont here.
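A read-only check for the compatibility key described above, as an added example that is not part of the original post or from Microsoft. The key path, value name and expected data are assumptions taken from Microsoft’s published guidance rather than from this post; verify them against that guidance and your antivirus vendor’s notes before relying on the result. The script reports status only and deliberately does not set the key.

```powershell
# Added example: report whether the antivirus compatibility registry key that
# gates the January 2018 Windows updates is present. Nothing is written.
# Assumption (not stated in the post): path, value name and data 0 come from
# Microsoft's guidance (ADV180002); confirm against the current documentation.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-AvCompatKey {
    [CmdletBinding()]
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName
    )

    $status = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        KeyPresent     = $false
        ValuePresent   = $false
        ValueData      = $null
        UpdatesGated   = $true   # true until the key proves the gate is open
    }

    if (Test-Path -Path $Path) {
        $status.KeyPresent = $true
        # -ErrorAction SilentlyContinue: a missing value is a finding, not an error.
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $status.ValuePresent = $true
            $status.ValueData    = $item.$Name
            # The guidance specifies a REG_DWORD with data 0x00000000.
            $status.UpdatesGated = -not ($item.$Name -eq 0)
        }
    }
    [pscustomobject]$status
}

# Run locally; for a fleet, wrap the call in Invoke-Command against a server list.
$result = Test-AvCompatKey
$result | Format-List

if ($result.UpdatesGated) {
    Write-Warning ('{0}: compatibility key not set. Confirm with your antivirus ' +
                   'vendor before making any registry change.') -f $result.ComputerName
}
```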
Links to Some Major Supported Vendors Responses
- Microsoft Windows Server. Action: Install patches as soon as available.
- VMware Hypervisors. Action: Install patches as soon as possible.
- Dell-EMC. Action: Implement system firmware and BIOS updates.
- Microsoft Windows Clients. Action: Install patches as soon as possible.
- Red Hat. Action: Install patches as soon as possible.
- Citrix XenServer. Action: Install patches as soon as possible.
- Apple. Action: Install patches as soon as possible.
- Android. Action: Install patches as soon as available.
- Other? Check Meltdownattack.com and Reddit for updates.
Virtual or Hosted Platform?
If you’re in a hosted or cloud environment, in addition to fixing the operating systems you manage, check with your provider as soon as possible to ensure they have patched the vulnerabilities. The biggest issues are in the lowest-level operating system code, and hypervisors are at risk.
Need Help?
The engineers at InterWorks are here to help you navigate through this. Please reach out to your normal contacts and account managers or contact us directly. We are here to assist you!