Understanding the Meltdown and Spectre Vulnerabilities

January 15th, 2018 by Guillermo Fernandez

As of the date of this post, some manufacturers have recalled updates. This situation will continue to change.

This post covers the following:

  • What the Meltdown and Spectre exploits are
  • Who is affected
  • How to avoid problems

What are Meltdown and Spectre? From meltdownattack.com:

“Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”

Meltdown and Spectre (or “SpecDown”) are both flaws that permit an application to read privileged memory; the difference is that Meltdown can be exploited from a program and Spectre can be exploited by other programs. Think of Meltdown as the sword and Spectre as the gap in the armor; Meltdown will be (or has been) used to target software which, owing to its design, is vulnerable to Spectre.

Who is Affected?

In both cases, it is the hardware level that is affected. Intel’s chips are the most widely vulnerable; however, AMD, ARM and Apple’s A-series chips are exploitable too. Reports indicate that Intel’s flaw dates back as far as 1995. Every OS is affected. Linux has been updated with KPTI to mitigate the attacks; macOS has been hardened as part of its 10.13.2 update, and Windows has had a series of patches earmarked as “2018-01” released.

How to Avoid Problems?

As Meltdown and Spectre are two different vulnerabilities affecting both Hardware and Software between them, there is no single mitigation step that can be taken to guarantee complete protection against these issues. As such, the following guide should be followed.

Update OS – macOS: Use the “Install recommended updates on OSX [MAC]” component available from the ComStore to update your Mac devices to 10.13.2. Your devices must be capable of running this version of macOS; Apple have not provided any solution for older devices. You will need to reboot your endpoints after installing the update in order to apply it.

Update OS – Windows: Microsoft are publishing patches for SpecDown as part of their January cumulative update (legacy term: “rollup”). These patches are only being supplied for supported operating systems. As such, please only expect Microsoft patches for:

  • Windows 7 SP1 (not SP0)
  • Windows 8.1 (not 8.0)
  • Windows 10

Note that there are certain circumstances where a Microsoft OS will not be offered the 2018-01 update despite appearing to meet all the requirements; the SpecDown fix alters the manner in which Windows works, and this can potentially cause issues with antivirus suites. As such, a registry value is required to mark a device as applicable for the patch: antivirus vendors have been instructed to set this value, and Microsoft’s own Windows Defender will set it automatically. If this value has not been set, a device will not consider itself applicable for the patch and, thus, the patch will not show in update scans. Be aware that setting it manually may cause antivirus suites to trigger blue screens and destabilize systems. We do not recommend setting this value manually. You may need to get in touch with your antivirus vendor directly if you find this registry value to be absent on otherwise applicable systems.
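The following is an added example, not part of the original post: a read-only PowerShell check that reports whether the antivirus-compatibility registry value described above is present on a device, so that an absent value can be raised with the antivirus vendor rather than set by hand. The post does not name the key; the path and value name below are the ones Microsoft documented for this compatibility flag in January 2018 and are stated here as an assumption to be confirmed against current Microsoft and vendor guidance. The function name `Get-SpecDownPatchApplicability` is our own.

```powershell
# Added example (not from the original post): read-only check for the
# antivirus-compatibility registry value that gates the 2018-01 Windows
# update. It only reads the registry and never writes to it, in line with
# the advice above not to set the value manually.
#
# Assumption: this key path and value name are the ones Microsoft documented
# for the compatibility flag in January 2018; verify them against current
# Microsoft and antivirus-vendor guidance before relying on this script.
$QualityCompatKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName        = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-SpecDownPatchApplicability {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        KeyPresent     = $false
        ValuePresent   = $false
        ValueData      = $null
        Applicable     = $false
        Recommendation = ''
    }

    if (Test-Path -Path $QualityCompatKey) {
        $result.KeyPresent = $true
        $item = Get-ItemProperty -Path $QualityCompatKey -ErrorAction SilentlyContinue
        if ($null -ne $item -and ($item.PSObject.Properties.Name -contains $ValueName)) {
            $result.ValuePresent = $true
            $result.ValueData    = $item.$ValueName
            # Microsoft's documented data for this value is REG_DWORD 0;
            # any other data is worth querying with the antivirus vendor.
            $result.Applicable   = ($result.ValueData -eq 0)
        }
    }

    if ($result.Applicable) {
        $result.Recommendation = 'Compatibility value set; the 2018-01 update should appear in update scans.'
    } elseif ($result.ValuePresent) {
        $result.Recommendation = "Value present but data is $($result.ValueData), not 0; check with the antivirus vendor."
    } else {
        $result.Recommendation = 'Compatibility value absent; the update will not be offered. Contact the antivirus vendor rather than setting it manually.'
    }

    [pscustomobject]$result
}

# Usage: reading HKLM needs no elevation, so this runs in a standard session.
Get-SpecDownPatchApplicability | Format-List
```

Run it across a fleet through whatever remote-execution channel you already use; the `Recommendation` field is deliberately phrased so that an absent value leads to a vendor ticket, not a manual registry edit.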

Update BIOS/uEFI: For macOS systems, the OS and the uEFI boot routine are part of the same ecosystem, so one patch should mitigate everything. For Windows, however, things are a touch more complicated. As SpecDown is a hardware-level flaw, the fix must be delivered in the microcode of the processor. This is accomplished with a patch that must be applied directly to a device’s BIOS or uEFI firmware. Please consult your motherboard or system manufacturer’s website to obtain the individual patches for the devices in your ecosystem.

Parts from this post were contributions from affiliates of Van Ausdall & Farrar.

Posted in: Data Security & Compliance Solutions, Cybersecurity