Skip to main content

Meltdown and Spectre Vulnerabilities for CPUs

04.Jan.2018
Srinivasan Jayaraman, Vulnerability Research Manager
CPU bugs Meltdown and Spectre were discovered earlier this week which could allow hackers to read sensitive information stored in a system's memory. Find out what they are and what can be done about these widespread vulnerabilities

On January 3, 2018, a set of vulnerabilities for CPUs were disclosed to the public. These vulnerabilities allow for reading privileged memory through a side channel attack. The vulnerabilities have been named Meltdown (CVE-2017-5754), and Spectre (CVE-2017-5753 and CVE-2017- 5715).

 

Meltdown

This vulnerability breaks the isolation between user- and kernel-space in the operating system, allowing a local attacker to dump kernel memory, or any other address, regardless of the owner. Meltdown is applicable to both the Linux kernel and Windows running on Intel (verified), but might also be applicable to some AMD and ARM processors.

Some operating systems have already supplied a fix, while others are working on it. Therefore, it is important to keep up to date with the latest information and update when a fix is supplied, to mitigate the vulnerability.
 
Read more about Meltdown and how it works 
 

Spectre

Spectre uses a flaw in the CPU (hardware) to trick legitimate programs to leak information. To do so, it takes advantage of speculative execution in the processor to gain information. It is more difficult to exploit than Meltdown, but is also harder to mitigate. Spectre is applicable to most devices, and is verified on Linux and Windows running on Intel, AMD and ARM processors. There are ways to harden these systems against future attacks.

Read more about Spectre and how it works 
 

How to Protect Your Organization against Meltdown and Spectre

Windows detection

Outpost24 has tests for both Meltdown and Spectre. The tests are patch-based to ensures that the solutions provided by Microsoft are installed. We are working to add a check for the vulnerable processor manufacturer which will improve potential false positives (i.e. AMD processors). We recommend you stay current with Outpost24 updates to get the benefits of the latest improvements. For more information, check Microsoft Security Updates 

 

Linux detection

We recommend you patch whenever your OS vendor has provided a patch or update. An authenticated check for Meltdown is available now, which work like our other authenticated checks. With an authenticated connection, we can determine whether the host is vulnerable or not.  This will help you identify the vulnerability while waiting for further vendor patches. In addition, we are working to add a check if the kernel has the KPTI patch selected at build time. Our testing confirms detection for RHEL, Oracle Linux, CentOS, Fedora, Debian, Ubuntu, Mint, Gentoo, and OpenSUSE.
 

Current support - updated 05 Jan 2018

At Outpost24 we have released patch/package based checks in our vulnerability management solutions for the following operating systems:
 
  • Windows
  • Debian
  • SUSE
  • RHEL
  • Apple OSX
  • VMware ESXi
  • VMware Workstation
  • Mozilla Firefox
Unsure about what to do or need help understanding whether your company is at risk? Contact us for expert advice 
Share this

Looking for anything in particular?

Type your search word here