Alert Logic® is actively researching two new critical vulnerabilities in modern processors – Meltdown and Spectre. These hardware bugs allow programs to steal data which is currently processed on the computer. Any system running an Intel, AMD, or ARM CPU chipset is potentially vulnerable.
While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, including protected areas of the operating system. This might include passwords stored in a password manager or browser, encryption keys, personal photos, emails, instant messages, and business-critical documents.
Vulnerability Description
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Meltdown and Spectre work on personal computers, servers, and in the cloud / hosted environments. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Additional information about these vulnerabilities is available in our What You Need to Know About Spectre and Meltdown blog.
Alert Logic Coverage
Alert Logic is developing vulnerability scan coverage to identify vulnerable Microsoft Windows and Linux clients. Alert Logic Cloud Defender®, Alert Logic Threat Manager™, and Alert Logic Cloud Insight™ will use authenticated scanning to inspect affected assets for missing security-related patches and updates.
Note: An update will be posted in the Updates section of this article when scan coverage is available. We expect to release scan coverage on Friday, January 5.
Due to the nature of this vulnerability, it is not technically possible to detect via intrusion detection system, web application firewall, or logging.
Recommendations for Mitigation
If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.
Software patches are available against Meltdown. Microsoft Windows 10 and Microsoft Server 2008, 2012, and 2016 were patched as of January 3, 2018. Earlier (and in support) versions of Windows are expected to have patches released by January 9, 2018. Patches are also available for Linux and OS X.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
Updates
We will update this section with new information about the Meltdown and Spectre vulnerabilities and related Alert Logic coverage as it becomes available.
01/05/18: Vulnerability scan coverage is now available to identify vulnerable assets.
Comments
2 comments
I dont think this info at the end of the article is accurate.
01/05/18: Intel has released a Detection and Mitigation Tool to assist with detection and mitigation of these security vulnerabilities, available in Intel's Download Center.
This link above is for a tool that detects for SA-00075 which was released back in September of 2017 . The Intel tracking for the Meltdown exploit is SA-00088 and details can be found here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Stephen - Thank you for the feedback! You are correct - I have removed the reference to the tool to eliminate confusion. Thank you also for sharing another resource for additional information about these exploits!
Please sign in to leave a comment.