This week, a major announcement about two chip flaws—called Meltdown and Spectre—made headlines. The flaws have the potential to impact billions of devices around the world, and they exist in what is regarded as the “brain” of devices.
According to a CNN article, researchers are saying that “almost every computing system—desktops, laptops, smartphones, and cloud servers—is affected by the Spectre bug. Meltdown appears to be specific to Intel (INTC) chips.”
What does this mean to you? These flaws could allow hackers to view sensitive data stored in the privileged memory of your device. Think of information like passwords and credentials, among other sensitive data, in the hands of attackers.
At Carousel, we’ve been fielding several questions from clients about this issue and how they can best protect themselves (and their sensitive data). We’ve compiled a Q&A of some of the most pressing questions…
What are the Meltdown and Spectre flaws?
Meltdown and Spectre are hardware vulnerabilities that allow an attacker running unprivileged code to read from privileged memory. For example, they could permit a user-mode program to read the entire kernel memory. Cybercriminals could use this as part of a privilege escalation attack or, in some cases, for remote exploits. Malware that aims to leverage these vulnerabilities would first need to gain access to the host and execute like any other malware.
How can the flaws be exploited by cybercriminals?
Cybercriminals can leverage these vulnerabilities to read privileged memory, for example as part of a privilege escalation exploit in order to take over the affected systems. Spectre can also be leveraged as part of a remote exploitation scenario: an attacker can use Spectre in combination with other known vulnerabilities to remotely read or harvest any information being accessed at that point in time (like passwords, usernames, and other sensitive information).
What systems are impacted by Meltdown and Spectre?
The Meltdown vulnerability is strictly a vulnerability for Intel processors. The Spectre vulnerability affects all server, workstation, and mobile devices, as well as operating systems like Windows, macOS, and Linux. Spectre was shown to work on Intel, AMD, and ARM processors.
Are there implications to patching Meltdown and Spectre?
The OS, browser, and antivirus software patches that have been released to date help mitigate attackers’ ability to read privileged data from operating system memory. It is expected that firmware updates will also be made available from chip manufacturers. Please note that the Microsoft patches have also been found not to be fully compatible with antivirus applications, causing patch deployment failures or a “blue screen of death”. Antivirus compatibility should be reviewed.
Will antivirus or malware protection help with Meltdown and Spectre vulnerabilities?
Endpoint protection will not defend against Meltdown and Spectre vulnerabilities explicitly, but may detect and stop malware attempting to exploit these vulnerabilities.
Which types of defenses can I use against the effects of the Meltdown and Spectre flaws?
Organizations can do the following to protect against these vulnerabilities:
- Patch Systems: Install all Meltdown and/or Spectre-related patches on all Windows, Linux, and other systems.
- Multi-Layered Security: To complement pre-infection defenses like next-generation antivirus, we suggest deploying Advanced Malware Protection to stop malware threats that use the Meltdown and Spectre vulnerabilities on a real-time basis, along with post-infection protection capabilities with kernel-level visibility on the endpoint.
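One way to verify the "Patch Systems" step on Linux hosts, as an added example that is not part of the original article: Linux kernels that carry the fixes report their own Meltdown and Spectre status in files under /sys/devices/system/cpu/vulnerabilities/, and this script reads those reports. The function names and exit codes are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: audit the kernel's own Meltdown/Spectre status reports.
# Each sysfs file holds one line: "Not affected", "Vulnerable[...]",
# or "Mitigation: <what the kernel applied>".
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <text>: prints OK, VULNERABLE or UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# audit_cpu_flaws [dir]: prints one line per flaw and returns
#   0 = every flaw mitigated or not applicable
#   1 = at least one flaw reported as vulnerable
#   2 = a report is missing or unreadable, which usually means the
#       kernel predates the fixes and should be treated as unpatched
audit_cpu_flaws() {
    dir="${1:-$VULN_DIR_DEFAULT}"
    worst=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            text=$(head -n 1 "$dir/$name")
            state=$(classify_status "$text")
        else
            text="no kernel report found"
            state=UNKNOWN
        fi
        printf '%-11s %-10s %s\n' "$name" "$state" "$text"
        case "$state" in
            VULNERABLE) worst=1 ;;
            UNKNOWN)    [ "$worst" -eq 0 ] && worst=2 ;;
        esac
    done
    return "$worst"
}

# Audit this host, or a copied directory of reports passed as $1.
audit_cpu_flaws "$@" || echo "Action needed: review kernel and firmware updates (status $?)."
```

A "Mitigation:" line only confirms what the running kernel applied, so firmware updates from the chip manufacturer still need to be tracked separately.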