How to survive Meltdown and Spectre

January 8th, 2018
ESET has found new vulnerabilities called Spectre and Meltdown that affect almost all Intel, AMD and ARM processors, allowing hackers to access a computer’s memory.

ESET says it is one of the few third-party security solutions already compatible with Microsoft’s emergency patches, released on 3 January, for vulnerabilities called Spectre and Meltdown that affect almost all Intel, AMD and ARM processors.

Many types of computing devices, with many different vendors’ processors and operating systems, are susceptible. Apple’s iPhones, iPads and Mac computers are all vulnerable.

The vulnerabilities affect the microprocessors in the majority of the world’s computers, including mobile devices and cloud networks, and can allow hackers to access the entire contents of a computer’s memory.

The Spectre and Meltdown vulnerabilities are by-products of optimization techniques designed to increase the performance of modern processors.

These techniques are called “out-of-order” and “speculative” execution. They let the processor use time it would otherwise spend waiting before executing the next instruction to pre-compute further results, which may or may not be used in the execution flow.

These pre-computed results, if not used, are discarded – but, as researchers have shown, there are side-effects left by such precomputation which are not disposed of thoroughly enough and can sometimes be leaked to the potential attacker.

As stated by the authors of the papers describing the vulnerabilities, there are theoretical ways antivirus could detect the problem. However, detection would have an extremely negative impact on the device’s performance and significantly influence user experience; it would be a less effective approach than prevention. Therefore, we recommend that ESET users keep track of any related patches for their systems and apply them as soon as possible. 

While ESET protects against potential malware infection, it says users should also take these steps to secure computers and data:

· Make sure your browser is up to date. For Chrome or Firefox users:
  o Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
  o Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.

· Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
  o ESET Home products (NOD32 Antivirus, Internet Security, Smart Security Premium)
  o ESET Business products (Endpoint Antivirus, Endpoint Security, File and Mail Security and Virtualization Security)

· Customers should review ESET’s Knowledgebase article for important updates.

· If you have a cloud-based server or have a website hosted by a hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.
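For a Linux server you administer yourself, the kernel reports its own view of these mitigations under sysfs. The script below is an added example, not part of the original article or of ESET's tooling; the function names are hypothetical, and it assumes a kernel recent enough to expose /sys/devices/system/cpu/vulnerabilities.

```shell
#!/bin/sh
# Added example: summarise the kernel's self-reported Meltdown/Spectre status.
# Assumption: Linux with the sysfs "vulnerabilities" directory. The directory
# can be passed as an argument so the function also works on sample data.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_TEXT -> prints ok, vulnerable or unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# check_speculation [DIR]
# Prints one line per issue; returns 0 only when all three report "ok".
# A missing file means the kernel predates this reporting, so it is treated
# as "unknown" rather than as safe.
check_speculation() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for entry in meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 \
                 spectre_v2:CVE-2017-5715; do
        name=${entry%%:*}
        cve=${entry#*:}
        if [ -r "$dir/$name" ]; then
            text=$(head -n 1 "$dir/$name")
        else
            text="(not reported by this kernel)"
        fi
        verdict=$(classify_status "$text")
        [ "$verdict" = ok ] || rc=1
        printf '%-10s %-13s %-10s %s\n' "$name" "$cve" "$verdict" "$text"
    done
    return $rc
}

# Check the live system only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then check_speculation; fi
```

The result reflects only what the guest kernel reports; mitigations applied by a hosting provider at the hypervisor level still have to be confirmed from the provider's advisory.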

Here is a list of affected vendors and their respective advisories and/or patch announcements:

| Vendor | Advisory/Announcement |
|---|---|
| Amazon (AWS) | AWS-2018-013: Processor Speculative Execution Research Disclosure |
| Apple | HT208331: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan |
| Apple | HT208394: About speculative execution vulnerabilities in ARM-based and Intel CPUs |
| ARM | Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism |
| Azure | Securing Azure customers from CPU vulnerability |
| Azure | Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities |
| Google’s Project Zero | Reading Privileged Memory with a Side-Channel |
| IBM | Potential CPU Security Issue |
| Intel | INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method |
| Microsoft | Security Advisory 180002: Guidance to mitigate speculative execution side-channel vulnerabilities |
| Microsoft | Windows Client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities |
| Microsoft | Windows Server guidance to protect against speculative execution side-channel vulnerabilities |
| Microsoft | Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software |
| Mozilla | Mozilla Foundation Security Advisory 2018-01: Speculative execution side-channel attack (“Spectre”) |
| Red Hat | Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 |
| VMware | NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution |
| Xen | Advisory XSA-254: Information leak via side effects of speculative execution |
