January 5, 2018
What You Need to Know about Meltdown and Spectre
What are Meltdown and Spectre?
Meltdown and Spectre and are side-channel vulnerabilities that enable attacks based on information gained from the physical implementation of almost all CPUs manufactured since 1995. Essentially, normal interactions between operating system memory management and CPU optimization technologies could allow attacks that expose otherwise secure and private information.
The vulnerabilities were identified simultaneously by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz), and others.
Meltdown breaks the isolation between user applications and operating systems. A Meltdown attack could allow an application to access the memory, and thus information, of other applications and the underlying operation system.
Spectre breaks the isolation between applications and allows attackers to trick otherwise normal and well-designed applications into leaking information. Some safety checks and best practices can even increase the attack surface and make applications more vulnerable to Spectre.
Is my Business Affected by these Vulnerabilities?
Yes. These two vulnerabilities can be exploited to expose any information contained in memory on almost every computing system manufactured in the past two decades, including workstations, tablets, cell phones, IoT devices, and most importantly servers hosted in collocated, virtualized, and cloud environments.
Microsoft, Apple, Arm, Google, Intel, Amazon, VMware, Citrix, various Linux providers, and Mozilla have all confirmed that their hardware and/or software is vulnerable to these attacks. Everything you and your company uses on a daily basis is vulnerable.
One positive note is that these vulnerabilities can only exploited using locally executed code. This usually requires that the system already be compromised. However, current antivirus/antimalware software and logging systems cannot detect or mitigate this type of attack.
How can I Protect My Business Against these Vulnerabilities?
As no current antivirus/antimalware software or security logging systems can detect, mitigate, or prevent attacks using these two vulnerabilities, the only way to protect your business is to immediately apply patches to all affected systems and devices, or to rely on third parties to do it for you. Most major providers, including Microsoft, Apple, Google, VMware, and Linux providers, have released patches to protect against Meltdown and Spectre.
What about System Performance?
You might have heard about decreased system performance after applying patches for Meltdown and Spectre. This is a half-truth. Most common end user and business applications are likely to see no noticeable performance impact from the patches. The same can’t be said for I/O heavy systems like databases running on high performance solid-state drives. Synthetic benchmarks have shown a 10-30% degradation in performance in this scenario on Intel hardware.
Stay Informed, Stay Safe!
Follow our blog as we will be regularly updating the information on Meltdown and Spectre as it becomes available. Should you require assistance in applying the patches to your systems or have any questions about your organization’s security posture, contact us at firstname.lastname@example.org