If you listen to the news reporting on Meltdown and Spectre, you would have no doubt in your mind that these issues must be addressed immediately. According to most reports, the Meltdown and Spectre vulnerabilities have shaken everyone’s fundamental trust in technology.
They impact nearly every piece of computer and communications technology manufactured in the past 20 years, including laptops, mobile phones, tablets, computers and smart refrigerators. They represent a clear and present danger to your data and the integrity of your system security, but let’s take a deep breath and understand what the real risk is.
Understanding the scope and impact of a threat is key to understanding how to mitigate the risk.
Meltdown and Spectre are vulnerabilities caused by a design flaw in computer processor chipsets made by Intel, IBM, AMD, and ARM. The flaw stems from the chip’s attempt to read data ahead and execute out-of-order operations to improve the operational efficiency of the computer system.
Malicious users (hackers) who have gained physical access to a host, or remote access with administrative permissions, can theoretically access the memory space and read the data in the queue.
For argument's sake, let’s assume the answer is yes. Spectre and Meltdown impact nearly all chipsets manufactured by Intel, AMD, ARM, and IBM in the past 20 years.
To be precise, Avaya and Cisco running in virtual environments are at risk, as are many hardware-based solutions from these vendors. In addition, any system running Microsoft Windows on one of these chipsets is affected. It is likely easier to list the systems that are not vulnerable to these exploits.
It means the malicious user could get usernames and passwords, encryption keys, or any documentation that the processor has queued up, but the malicious user would need to have full control of the server to execute against the vulnerability. This means the malicious user would already have access to all of this information and would not need to execute against Meltdown or Spectre.
While certain applications have been identified that could allow Spectre and Meltdown to be executed remotely (for example, Java in a web browser), such attacks have not been identified in the wild and would require users to be running vulnerable applications to exploit.
While Microsoft and Intel have both released updates to address Spectre and Meltdown, neither organization recommends applying those updates right now.
The Microsoft-supplied patch has a significant impact on system performance. Internal testing by ConvergeOne indicates a 40%-60% performance impact to systems as the operating system stops using the out-of-order operations ability of the chipset.
The Intel-provided update has caused instability and reboot issues with systems after being applied and was pulled by Intel until those concerns can be addressed.
The best way to ensure a malicious user cannot exploit Meltdown or Spectre is to have a multi-layered security program in place that includes:
While Meltdown and Spectre are significant threats to data security, there are a lot of things you are probably already doing to protect yourself. Implement network security and monitoring to help protect systems, limit remote administrative access to all systems, and update systems to help prevent the conditions that allow Meltdown and Spectre to be exploited while the world waits on the chipset manufacturers to provide an update that does not break systems.
In addition, these vulnerabilities are not known to have been actively employed in an attack in the wild yet, but they are theoretically capable of stealing memory-resident data that could include passwords and other sensitive information, so they need to be taken seriously.