The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) with the help of others, the attacks affect everything from desktops, laptops and mobile devices to infrastructure-as-a-service. These flaws are present in nearly all modern microprocessors and could allow an attacker to access privileged memory by abusing a feature called speculative execution. We’ve been following the ongoing developments of these vulnerabilities since their first disclosure back in January 2018. The vulnerabilities have continued to evolve: new Spectre variants have surfaced that rely on the same speculative execution and side-channel attack methods, tracked as CVE-2018-3639 and the less dangerous CVE-2018-3640.
The new derivatives are called Variant 3a (Rogue System Register Read, RSRE) and Variant 4 (Speculative Store Bypass). They were discovered and jointly disclosed by GPZ and Microsoft’s Security Response Center (MSRC).
According to CERT, Side-Channel Vulnerability Variants 3a and 4 may allow an attacker to obtain access to sensitive information in affected systems. Many companies like Intel, Red Hat and Microsoft have issued updates to patch the vulnerability. But the fixes haven’t always worked as intended, and some have experienced computer problems.
Moving quickly, Intel has already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and expects it to be released into production BIOS and software updates over the coming weeks. This mitigation will be set to off by default, giving customers the choice of whether to enable it. With the mitigation off, Intel observed no performance impact; with it enabled, they observed a performance impact of approximately two to eight percent, based on overall benchmark scores.
Intel is classifying Variant 3a as a medium-risk vulnerability that may allow an attacker with local access to speculatively read system parameters via side-channel analysis and obtain sensitive information.
Intel is classifying Variant 4 as a medium-risk vulnerability that exploits “speculative bypass.” When exploited, Variant 4 could allow an attacker to read older memory values in a CPU’s stack or other memory locations. Many of the browser-based techniques it relies on were already addressed by the original set of patches.
Intel has stated they haven’t received any reports of this method being used in real-world exploits. However, the mitigation techniques deployed for Variant 1 back in January, which are already available, can also be applied to Variant 4. Additionally, Intel and its partners are providing a combination of microcode and software updates for mitigating Variant 4.
Red Hat’s VP of the operating system platform, Denise Dumas, issued a statement saying: “These vulnerabilities could allow a malicious actor to steal sensitive information from almost any computer, mobile device, or cloud deployment. Importantly, several technology industry leaders, including Red Hat, have worked together to create patches that correct this issue, underscoring the value of industry collaboration. It is key that everyone — from consumers to enterprise IT organizations — apply the security updates they receive. Because these security updates may affect system performance, Red Hat has included the ability to disable them selectively in order to better understand the impact on sensitive workloads.”
Urgently required actions
- Refer to hardware and software vendors for patches or microcode.
- As patches are released, Tenable Research will develop plugins and checks to assist our clients.
Identifying affected systems
- Refer to hardware and software vendors’ releases.
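Vendor advisories are the authoritative source, but on Linux hosts the kernel also reports its own view of the Variant 4 mitigation state through sysfs, which is useful for a first pass across a fleet. The following script is an added example, not code from the original post or from Tenable; it reads `/sys/devices/system/cpu/vulnerabilities/spec_store_bypass` (present on kernels carrying the Variant 4 fix) and maps the status string to an action. It assumes the kernel’s documented status strings, its `spec_store_bypass_disable=on` boot parameter and the `PR_SET_SPECULATION_CTRL` prctl; Variant 3a is mitigated by microcode alone and has no sysfs entry, so the script flags it for a manual vendor check rather than guessing. The embedded `SAMPLE_SYSFS` mapping is constructed for illustration, not captured from a real host.

```python
"""Added example (not from the original Tenable post): read the Linux kernel's
sysfs report for the Variant 4 / Speculative Store Bypass mitigation and turn it
into a defender-facing finding. Variant 3a (CVE-2018-3640) has no sysfs entry
because its fix is microcode-only, so it is reported as 'unknown' with advice."""
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# One file per CPU issue lives here; spec_store_bypass arrived with the Variant 4
# fixes (kernel 4.17 and distribution backports).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Issues the post discusses: (display name, CVE id from the post, sysfs file or None).
ISSUES = [
    ("Variant 4 (Speculative Store Bypass)", "CVE-2018-3639", "spec_store_bypass"),
    ("Variant 3a (Rogue System Register Read)", "CVE-2018-3640", None),
]


@dataclass(frozen=True)
class Finding:
    name: str
    cve: str
    state: str   # not_affected | mitigated | opt_in | vulnerable | unknown
    raw: str     # the kernel's status line, stripped ("" when there is none)
    advice: str


def classify(name: str, cve: str, raw: Optional[str]) -> Finding:
    """Map a sysfs status line to a state and the action a defender should take."""
    if raw is None:
        return Finding(name, cve, "unknown", "",
                       "kernel reports nothing for this issue: confirm the vendor "
                       "microcode/BIOS update and kernel patch level by hand")
    text = raw.strip()
    if text == "Not affected":
        return Finding(name, cve, "not_affected", text, "no action needed")
    if text.startswith("Mitigation:"):
        # The kernel's default SSB mode is prctl: only processes that opt in via
        # prctl(PR_SET_SPECULATION_CTRL) or a seccomp filter are protected, which
        # mirrors Intel's 'off by default' choice described in the post.
        if " via prctl" in text or " via seccomp" in text:
            return Finding(name, cve, "opt_in", text,
                           "only opted-in processes are protected; boot with "
                           "spec_store_bypass_disable=on for a system-wide default")
        return Finding(name, cve, "mitigated", text, "mitigation active")
    if text.startswith("Vulnerable"):
        return Finding(name, cve, "vulnerable", text,
                       "apply the kernel update and the vendor microcode")
    return Finding(name, cve, "unknown", text, "unrecognised status string; review manually")


def assess(sysfs: Dict[str, str]) -> List[Finding]:
    """Classify every issue in ISSUES from a {sysfs file name: content} mapping."""
    return [classify(name, cve, sysfs.get(f) if f else None) for name, cve, f in ISSUES]


def read_sysfs(directory: str = SYSFS_DIR) -> Dict[str, str]:
    """Read every file in the vulnerabilities directory; empty dict if it is absent."""
    if not os.path.isdir(directory):
        return {}
    contents: Dict[str, str] = {}
    for entry in os.listdir(directory):
        try:
            with open(os.path.join(directory, entry)) as fh:
                contents[entry] = fh.read()
        except OSError:
            pass  # unreadable entry: treated as not reported
    return contents


# Constructed sample, not captured from a real host: a patched kernel running the
# default per-process (prctl) SSB mode, plus an unrelated entry to show it is ignored.
SAMPLE_SYSFS = {
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n",
    "meltdown": "Mitigation: PTI\n",
}

if __name__ == "__main__":
    live = read_sysfs()
    for finding in assess(live or SAMPLE_SYSFS):
        print(f"{finding.cve} {finding.name}: {finding.state} "
              f"[{finding.raw or 'n/a'}] -> {finding.advice}")
```

An `opt_in` result is not a clean bill of health: it means the kernel side of the fix is present but, like Intel’s default, only applies to processes that ask for it, so sandboxes or browsers that do not opt in still run without it.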
Get more information
*** This is a Security Bloggers Network syndicated blog from Tenable Blog authored by Steve Tilson. Read the original post at: http://feedproxy.google.com/~r/tenable/qaXL/~3/VaSp0DH8k5c/spectre-and-meltdown-still-haunting-intelamd