2018 really started with a bang for those of us who report on cybersecurity: Meltdown was one of the major CPU vulnerabilities which became public knowledge right at the beginning of the year.
Here’s my vague explanation of Meltdown from January 5th:
“One of the cool things about modern CPUs is that they’re designed to do some speculative execution. By trying to prepare possible calculations that the CPU may need to execute ahead of time, your computer may be made more efficient. If you’re used to programming in languages like Python, you can think of it like the CPU has already figured out every ‘else’ and ‘elif’ for any ‘if’ that comes its way.
Unfortunately, speculative execution taxes the CPU a little bit, even if it has eight cores and loads of cache. Although speculative execution can greatly reduce the time to do some future calculations, it can make some earlier related calculations take longer. In that time, exploit code may be able to infer properties of different processes it otherwise wouldn’t have access to. The data leakage could involve any sort of sensitive data that goes through the CPU. That could include things like encryption keys, cleartext, and passwords. Meltdown affects most Intel x86-64 processors and some high-performance ARM processors.”
The Meltdown story is huge for two reasons.
One is the number of computing devices worldwide that were impacted by the vulnerability. Intel x86, some IBM POWER CPUs, and many ARM CPUs continue to be affected. That means pretty much everyone from the enterprise to institutions to ordinary consumers uses at least once device that’s vulnerable to the Meltdown exploit.
The second reason why the Meltdown news was huge is because of how fundamental the vulnerability is. Patching a vulnerability that purely exists in an application or (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Kim Crawley. Read the original post at: https://threatvector.cylance.com/en_us/home/windows-7-meltdown-patch-complications.html