4 Days into New Year and we have Meltdown and Spectre - impacting almost all computers - leaking passwords and sensitive data

It didn't take long - just four days - for a serious vulnerability to be exposed. Let's welcome Meltdown and Spectre to 2018 (I do love whoever named these). We have been advised that there is a reported design flaw in Intel processors, resulting in a widespread vulnerability that affects most computers worldwide.

 

Meltdown and Spectre, in the hands of an appropriately skilled attacker, can be executed on desktop machines, laptops, mobile devices, as well as in the cloud. What does this mean for the average individual or corporation? If your computer has a vulnerable processor and runs an unpatched operating system, DO NOT work with sensitive information - either on your PC or in the cloud. There is a chance that your sensitive information could be leaked. Meltdown basically allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

Spectre requires a more skilled cyber criminal to attack. What Spectre does, however, is not good - essentially Spectre forces an application to share its secrets. It impacts Intel, AMD and ARM processors on desktops, laptops, cloud servers and smartphones.

 

What to do

Patch - we've said it before and we will say it again... PATCH! Microsoft released an emergency patch for Windows late today.

 

Technical Info

Product: Intel CPU Chip

Operating System: Windows, UNIX variants (UNIX, Linux, OSX)

Impact/Access: Access Privileged Data -- Existing Account

Resolution: Patch/Upgrade

 

Overview: A side-channel attack on the Intel CPU chip allows kernel memory to be accessed from user space. The current specifics are under embargo, which is expected to be lifted by the end of this month. Operating systems known to be affected are those relying on the speculative table lookup feature for their operation. Operating systems known to be impacted are:

o Microsoft OS
o Linux Based OS
o Mac OS

 

Impact: Access to privileged kernel data has been researched, and a proof of concept has been demonstrated. This includes data that is not meant to be accessible from user space, such as cached encryption keys, passwords, session keys, and other sensitive information. Currently, as per the proof of concept, an existing user is required to launch a program, but this may be achieved by tricking users into clicking on code sent via channels such as email attachments. All operating systems that rely on the speculative table lookup feature on vulnerable Intel hardware are expected to be affected. Cloud services built on top of these affected operating systems are also expected to be affected, as patches are rolled out as of this Friday for Azure and Amazon EC2.

 

Mitigation: It would be advisable to enact patching procedures as soon as the patches have been released for your impacted operating systems. Applying the patch is expected to reduce performance by an estimated 17%-23%.

Cloud Service Clients: Cloud service clients will need to reboot their virtual machines after the service provider has patched. The exact timing should be communicated to clients by the provider.

Microsoft: A patch is slated to be released on the next Patch Tuesday.

Linux: Patch code has been made available. However, distribution of the kernel patch, as a normal update, is currently being rolled out.

MacOS: Unofficially, the "Double Map" patch is said to have been available since 10.13.2.
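To confirm on a Linux host that the kernel mitigations are active after patching and rebooting, the following is an added example and not part of the original advisory. It assumes the kernel exposes status files under /sys/devices/system/cpu/vulnerabilities (mainline 4.15 onwards, or a distribution backport); the function names and the VULN_DIR override are illustrative.

```shell
#!/bin/sh
# Added example: reads the Linux sysfs reporting interface (assumed present:
# mainline 4.15+ or a distribution backport of it).

# Map one status string from sysfs to a coarse verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Print one line per issue listed in directory $1.
# Returns 0 if nothing needs attention, 1 if any entry is vulnerable or
# unknown, 2 if the directory is missing (kernel too old to report).
report_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "no status interface at $dir"; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        printf '%-20s %-12s %s\n' "$(basename "$f")" "$verdict" "$status"
        case "$verdict" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# VULN_DIR lets the check run against a copy of the files from another host.
report_dir "${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}" \
    || echo "follow-up needed: apply kernel updates, reboot, then re-run"
```

A return code of 2 means the running kernel predates the reporting interface, which by itself is a reason to update it.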

 

Patch

Microsoft:

https://portal.msrc.microsoft.com/

If you need technical assistance - you can call Security in Depth's 24/7 Security Operating Centre on +61386781818 or email research@securityindepth.com.au