Spectre and Meltdown Haunt CPUs Everywhere – What to Know and What to Do

TL;DR – Spectre and Meltdown are two recently announced vulnerabilities that allow private data to be accessed by otherwise unauthorized applications. Patches are coming out to mitigate risks, but these may also affect the speed of your devices and systems. Our recommendation is to hold off on updates, first updating any antivirus engines when Spectre/Meltdown updates emerge, and only after that executing system updates, backing up all data at each step to ensure no data is compromised.

Where do Spectre and Meltdown Come From?

Spectre and Meltdown are vulnerabilities based on speculative execution. Speculative execution is a process by which CPUs make educated guesses about the outcomes of certain processes so that they can execute subsequent processes in advance. The information used and generated by that speculative execution is stored in memory local to the CPU, rather than in the computer's general memory or RAM, which is – relatively speaking – much further away.

This process is generally advantageous because it allows computers to generate outcomes for certain processes much faster than they would have if they were not able to make assumptions about their outcomes. The general convention has been to leave the data left on this local cache untouched until it is overwritten by a later process that needs the space, once the previous use of the cache is completed (or the cache data is discarded because of an outcome different to that which the processor based its speculative execution on). This has been a common practice in processing since the 1960s, when data leakage and unauthorized access via a local cache wasn’t a concern. Now that virtually all processors are running multiple processes and environments at any given time, and are also exposed to networks and the internet in general, the risk is much higher.

For instance, while no known exploit of these vulnerabilities yet exists, it is conceivable that if you were running a web browser on a page with malicious script at the same time as you were doing online banking, or running another application that processes sensitive data, that malicious script could access any processor cache information that has yet to be overwritten, meaning usernames, passwords, and account data could be accessed. It should be noted that Meltdown is perhaps more concerning as it also permits kernel memory to be accessed, offering more data out of what’s available at the interface between applications and the CPU, memory and other device components. Additionally, while Spectre is a vulnerability present in almost all modern processors, Meltdown is only present in modern Intel processors.

For a deeper dive, check out Dr Steve Bagley of Computerphile’s summary on Spectre & Meltdown.

What is the Response?

Companies like Microsoft, Apple and more are rapidly rolling out patches to mitigate the potential damage from these vulnerabilities, and they have had more than a year to prepare them since the vulnerabilities became apparent to major threat intelligence groups. These are fairly significant and systematic updates whose results will long need to be negotiated and improved upon, as they involve the complex tasks of redoing memory mapping to separate kernel memory from user memory, and also redoing the logic of memory usage within CPUs.

What’s more, some Microsoft updates have rendered devices inactive, which Microsoft is attributing to faulty documentation from AMD on its chips. If cooperation and consistency become an issue between chip makers and software providers, this story will take much longer to play out, and leave more and more devices vulnerable if that first major exploit does come along.

And the Implications?

Ultimately, the workloads of processors will suffer, possibly by as much as 30% in some cases. Intel is emphasizing efficient resolution to the problem, but is still admitting that there will be a significant impact on workloads (while the CEO’s recent stock-selloff might indicate something about his confidence in the outcomes that will follow these vulnerabilities’ disclosure).

Given that the vulnerability was discovered by multiple research groups within months of one another, there is also some concern that the NSA may have been aware of and weaponized the vulnerability at some point, meaning that that weaponization could have made its way out to other threat groups if ever it escaped the NSA’s grasp.

There may also be concerns for how computer engineering is done in general, or at least by Intel. The typical ethic is to take no action where none is needed, but there is no foolproof methodology to anticipate security concerns, meaning redundant precautions and siloing may play more of a role than ever before in chip development and other processes, likely further costing processor speed as a result.

What To Do – Our Recommendation

Our recommendation, as mentioned above, is to await and execute anti-virus updates related to Spectre BEFORE executing any system or OS-level updates, backing up your systems and devices at each interval to secure against data loss. We recommend this on the basis of Microsoft’s new requirements for AV registry keys, as apocryphal AV references to memory locations are causing “Blue Screen of Death” errors, rendering devices unusable. This is occurring because memory locations are changing with Meltdown fixes, thus programs referencing moved memory locations will cause reboot loops on devices.
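
A read-only pre-patch check for the AV registry key requirement described above, as an added example that is not part of the original post. The key path and value name are not given on this page; they are assumed from Microsoft's guidance for the January 2018 updates, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Run in an elevated or normal
# PowerShell session on the Windows machine you intend to patch.
# Assumption (not on the page): the AV compatibility flag Microsoft documented
# for the January 2018 security updates lives at this key and value name.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-AvCompatFlag {
    # Returns $true only when the value exists, is a REG_DWORD, and equals 0.
    param([string]$Path = $KeyPath, [string]$Name = $ValueName)

    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) { return $false }
    $kind = $key.GetValueKind($Name)
    $data = $key.GetValue($Name)
    return ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0)
}

function Get-RegisteredAntivirus {
    # Security Center exists on client editions of Windows only;
    # on server editions this returns nothing.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty displayName
}

$av = @(Get-RegisteredAntivirus)
if (Test-AvCompatFlag) {
    Write-Output 'AV compatibility flag present: back up, then install OS updates.'
} elseif ($av.Count -eq 0) {
    Write-Output 'Flag absent and no AV registered with Security Center: review before patching.'
} else {
    Write-Output "Flag absent. Update these AV products first: $($av -join ', ')"
}
```

The script only reads the flag. The flag is meant to be written by an antivirus product once it is compatible with the new memory layout, so a missing flag indicates that the AV update step has not yet happened.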

Aside from this, there isn’t much else that the individual administrator needs to do for now to address this specific security issue. While a threat that successfully leverages these exploits has yet to emerge, it is better to hedge against the possible surprise of one emerging, whenever it does come.

For more about Meltdown and Spectre in general and how they affect modern processors, visit www.meltdownattack.com.


This is a Security Bloggers Network syndicated blog post authored by Deeptiman Jugessur. Read the original post at: Vircom | Email Security Experts