The 2 major vulnerabilities that affects all Intel, ARM and AMD processors have now come to light.
Currently, known as Meltdown and Spectre - malware can exploit the way microprocessors handle memory requests from the kernel. Microprocessors are constantly moving data from various on-chip memory caches in order to ensure processes execute as fast as possible, known as paging. It’s during this on-chip paging that the vulnerabilities come into effect.
Spectre takes advantage of the vulnerability by getting programmes to execute unnecessary instructions and therefore gain access to sensitive information within other applications memory space.
Meltdown takes advantage of a privilege escalation flaw, allowing unprivileged applications access to privileged memory space.
Both vulnerabilities require applications to run on the target but Spectre could be initiated from scripts running in a web browser.
What type of systems are affected?
Any applications that are running on Intel, ARM and AMD processors. As well as the obvious servers (Dell/HP etc) included in this are custom devices such as firewalls, switches and routers that run as VMs (eg Cisco ASAv, Fortinet)
What do I need to do?
Most vendors have released patches which should be applied ASAP. However, with it being a hardware issue, the only real way is to replace the actual chips that are affected. Until that point there will undoubtedly be variants written and released for which patches may not be available. Proof-of-concepts are available so it’s only a matter of time before exploits are written and released.
By having an Intrusion Detection System in place, you would be able to detect these threats as they enter your network. An IDS would give you valuable information such as where the threats are originating and which systems they are targeting.
A vulnerability scanner would be able to identify which systems are vulnerable and therefore providing a list of servers to focus on.
Find out more information on our Intrusion Detection System and protect your business from threats.
Where can I read more?
Detailed papers are also available here –