Cybersecurity Alert: Meltdown and Spectre Chip Vulnerabilities

January 8, 2018

Updated January 8, 2018

Threat Summary

This is an update on a previous alert issued on the chip vulnerabilities known as Spectre and Meltdown.

Both vulnerabilities have multiple variants that allow hackers to access sensitive data on affected devices without administrative privileges. It has been confirmed that Meltdown is an Intel-specific vulnerability that affects the majority of Intel-manufactured laptops, desktops, and server chips. The Spectre flaw affects a broader range of chips from manufacturers including Intel, AMD, and ARM. While most computers leverage Intel chipsets, ARM chips are extremely prevalent within smartphones.

Because most cloud environments share processors across clients, most cloud providers, including Amazon, Azure, and Google, have issued security alerts.

Business computers, personal computers, and smartphones face the risk of unauthorized, privileged data access, most commonly through malicious websites, web advertisements, and phishing attacks.

Apple and Android have issued updates for devices including iPhone, iPad, Google Pixel, and Samsung.

Microsoft patches for common versions of Microsoft® Windows®, including versions 7, 8, and 10, are available for deployment through Windows Update. Microsoft Windows Server® operating systems, including 2008R2 and 2012R2, currently require manual patching. The Windows Update for these operating systems is anticipated to be available starting January 9th. Note that many antivirus solutions will block these Windows updates from deployment given that the antivirus software perceives the update as potentially malicious. Please check with your antivirus vendor on any whitelisting requirements to allow for patch deployment.

Devices such as storage appliances and certain Internet of Things (IoT) devices may also be susceptible to attack, though exposure is less likely. Check with your device vendors for relevant patches.

Web browsers can be exploited through malicious advertisements and other web-based attacks. Updates that mitigate exposure are available for Google Chrome and Firefox, but further updates are expected to be released on January 23rd.

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures:

  • For Apple device users, apply the latest patch by navigating to Settings > General > Software Update.
  • Update your Web browser to the latest version.
  • For Google Chrome users, consider using the experimental Site Isolation feature, noting that usage could result in heavier resource consumption:
    • Enter “chrome://flags/#enable-site-per-process” in Google Chrome’s URL bar
    • Enable Strict Site Isolation
    • Save your changes and relaunch Google Chrome
    • Enforce Site Isolation and other Google Chrome security policies through group policy (GPO).
  • Log out of accounts on websites to expire cookies and sensitive data and to prevent side-channel attacks.
  • Utilize ad-blocking software or browser extensions to minimize the likelihood of malvertising exploits.
  • Install all available patches to mitigate exposure to these vulnerabilities.
  • ACA Aponix’s internal network scans can detect exposure to Meltdown and Spectre in a variety of environments, including Windows, common distributions of Linux, and common hypervisor operating systems, such as VMware ESXi.
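
To confirm on a Linux host that installed patches actually took effect, the kernel's own mitigation report can be checked. The script below is an added example, not ACA Aponix's scanner and not part of the original alert. It assumes a kernel that exposes per-issue status files under /sys/devices/system/cpu/vulnerabilities; the function names are hypothetical, and a host without those files is reported as "unknown" rather than as patched.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported Meltdown/Spectre status.
# Assumption: the running kernel publishes one status file per issue in VULN_DIR.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS_LINE
# Prints: not_affected | patched | exposed | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo patched ;;
        "Vulnerable"*)   echo exposed ;;
        *)               echo unknown ;;
    esac
}

# check_host DIR
# Prints one tab-separated "issue state detail" line per issue.
# Returns 1 if any issue is exposed or its state cannot be determined.
check_host() {
    dir="$1"
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            line=$(head -n 1 "$dir/$issue")
            state=$(classify_status "$line")
        else
            # A missing file proves nothing about the patch level.
            line="no status file (kernel may predate this interface)"
            state=unknown
        fi
        printf '%s\t%s\t%s\n' "$issue" "$state" "$line"
        case "$state" in
            exposed|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_host "$VULN_DIR"
    exit $?
fi
```

Run it with --check after patching and rebooting; a non-zero exit status marks a host that still needs attention or a manual review.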

 

Previous Alert (Published January 4, 2018)

Threat Summary

Security researchers have discovered two major security flaws in microprocessors. The side-channel vulnerabilities, known as Meltdown and Spectre, allow hackers to steal data from computers, mobile devices, and cloud computer networks.

The Meltdown flaw affects nearly all microprocessors created by Intel. The vulnerability impacts cloud providers such as Amazon, Google, and Microsoft, which have already updated their systems to address the flaw. Operating system providers are also working on patches for the issue, but the patches can slow down the performance of affected machines by as much as 30 percent.

Spectre is a flaw in the fundamental way processors are designed and will be more difficult to fix, as the design is used in chips by many processor manufacturers, including Intel, AMD, and ARM. Chipmakers and operating system providers are working on software patches, and many vendors have released advisories.

For more information, see: https://meltdownattack.com/

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures:

  • Replace central processing unit hardware.
  • Install updates or software patches as soon as they are released, particularly for operating systems.
  • Review guidance from cloud providers to ensure patches are applied.

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.