During previously months it was revealed CPU bugs that are affecting near all produced CPU.
Security it is one of the most warm argument that is growing, correctly, day by day importance (First of all due to global internet devices interconnection).
At actual stage several vendors and O.S. providers released O.S. patches.
Some of these fixes was deployed to mitigate risks.
Consider that one of these bug (Spectre ) need devices firmware upgrade.
In other cases antivirus software upgrade it is necessary before patch/firmware installation.
Some of these fixes was deployed to mitigate risks.
Consider that one of these bug (Spectre ) need devices firmware upgrade.
In other cases antivirus software upgrade it is necessary before patch/firmware installation.
So I am going to create a blog article with info collected reading several technical documents/articles (indicated at end of article for easily reading)
My idea it is to release minor revisions article updates, during next months, adding fresher information.
- Intel CPU produced during these last 10 years are affected from security critical issues.
- On these CPUs Intel left an open channel between kernel protected memory and normal user processes.
- This design error could permit, to access this memory area, to programs executed at user level permissions, (Java scripts browser app too), permitting sensible data read/stolen (including login and passwords).
- It seems that Intel was already aware about this problem but did not notify this information to major O.S. players to strictly work to fix it.
- Server, Workstation, PC, Tablet, Smartphone and Smart Devices are impacted.
- Affected chips include those manufactured by Intel, AMD, and ARM, which means all devices running Windows operating systems are potentially vulnerable (e.g., desktops, laptops, cloud servers, and smartphones).
- Devices running other operating systems such as Android, Chrome, iOS, and MacOS are also affected.
- CLOUD is impacted too.
- Meltdown could be particularly dangerous on unpatched cloud platforms, due to the possibility of malicious code inside a virtual machine being able to read data from the memory of the underlying host computer, with the threat that one cloud customer could steal data from another.
- CPU performances decrease would be between 5% up to 30%. (these performances problems would be a big issue for cloud providers like Azure, Amazon....)
- REMARK:
- Hotfix need to have kernel code partially rewritten:
- Furthermore kernel and end user memory process separation (Kernel Page Table Isolation (KPTI)) would deeply impact on performances too.
- Some old CPUs could not be upgradable.
- Patches released are working so deep at kernel level that some AV are not compatible (a.e. Microsoft if informing customers that before begin patching process, you should verify that your antivirus (AV) software is up to date and compatible (check your antivirus software manufacturer's website for their latest compatibility information).
Starting in January 2018, Microsoft released updates for Windows operating systems, Internet Explorer and Edge browsers to help mitigate these vulnerabilities and help to protect customers. They also released updates to secure their cloud services.
Here they are Microsoft Articles:
https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
From Microsoft January 2018 Security Updates
Operative System | Update KB |
Windows Server, version 1709 (Server Core Installation) | 4056892 |
Windows Server 2016 | 4056890 |
Windows Server 2012 R2 | 4056898 |
Windows Server 2012 | not yet available |
Windows Server 2008 R2 | 4056897 |
Windows Server 2008 | not yet available |
Windows 10 | 4058702 |
Windows 8.1 | 4056898 |
Windows 7 | 4056897 |
NOTES
Patches released are working so deep at kernel level that some AV are not compatible (a.e. Microsoft if informing customers that before begin patching process, you should verify that your antivirus (AV) software is up to date and compatible (check your antivirus software manufacturer's website for their latest compatibility information)
APPLE Has indicated that all iPhones, iPads and modern Mac devices are affected by Meltdown. Bullettin link.
ANDROID/GOOGLE bullettin link.
- This bug has two variant types:
- Meltdown (32/64 bit - It permit to read private kernel memory):
- It impact all Intel CPUs produced from 1995 to 2013 -Haswell Xeon series included.
- CPU ARM Cortex A15, A57 A72 e A75 impacted
- REMARK:Patches was released to fix Meltdown and Spectre 1 variant bugs for o.s. and virtual machine vendors.
- You can learn more about these vulnerabilities at Google Project Zero
- Spectre (32/64 bit - It permit to user-mode applications to estract processess information)
- It impact all Intel CPUs produced till now.
- It impact some ARM CPUs Cortex A15, A17, A57 A72, A73, A75, R7, R8, A7, A8.
- It impact some AMD CPUs Ryzel, FX ed Pro.
- REMARK: Fixes about bug Spectre variant 2 require computer firmware update.These updates are being issued by chip manufacturers and designers such as Intel and Arm. Sometimes it may require also operating system kernel update.
- REMARK 2: Because of the difficulty in addressing Spectre, patches generally mitigate risks from attacks, rather than blocking them completely.
- You can learn more about these vulnerabilities at Google Project Zero.
- Modern processors accelerate the rate at which they execute instructions by loading data into the processor's on-board cache memory ahead of when it's needed. Data can be retrieved from this on-board cache far more rapidly than from the computer's main memory.
- If a processor is executing a set of instructions that branches depending on the input, then processors will try to guess which branch of instructions is most likely to be executed and load the necessary data into the processor's cache. These processes, called Branch Prediction and Speculative Execution, are what can be exploited by Spectre attacks.
- Meltdown works slightly differently, taking advantage of a privilege escalation flaw that allows any user able to execute code on the system to access protected memory.
[original articles]
https://www.achab.it//achab.cfm/it/blog/achablog/meltdown-e-spectre-cosa-deve-sapere-e-fare-un-msp
http://www.lastampa.it/2018/01/09/tecnologia/news/lultima-patch-di-sicurezza-windows-non-fa-pi-avviare-i-computer-amd-microsoft-sospende-gli-aggiornamenti-44j9a7tUG3GsQ1m1T6vxjO/pagina.html
https://www.techrepublic.com/article/spectre-and-meltdown-cheat-sheet/
https://meltdownattack.com/#faq-advisoryhttps://meltdownattack.com/#faq-advisory
https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown
Protect your Windows devices against Spectre and Meltdown
https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
You can learn more about these vulnerabilities at Google Project Zero.
[update 2018.02.17]
Oracle is impacted too, I forgot to mention previously
Oracle Linux (ELSA Security Advisory):
[update 2018.02.17]
Oracle is impacted too, I forgot to mention previously
Oracle Linux (ELSA Security Advisory):
- Details about CVE-2017-5753 (variant 1, aka "Spectre")
- Details about CVE-2017-5715 (variant 2, aka "Spectre")
- Details about CVE-2017-5754 (variant 3, aka "Meltdown")
[update 2018.02.19 ]
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
[update 2018.03.04]
Microsoft has published guidance for IT Pros that outlines the steps Microsoft has taken as well as steps you can take to take advantage of all available protections.
One action that you can take immediately is to ensure that your computers are able to reach the following endpoint:
http://adl.windows.com
This may involve adding this URL to your company’s whitelist which may require approval from your security group. This endpoint is used to communicate updates to Microsoft’s compatibility information with client computers. By ensuring your computers can reach this endpoint, you can help them get the most up-to-date information Microsoft has available about supported antivirus solutions and versions, security update statuses, etc.
more details here
[update 2018.03.04]
Microsoft has published guidance for IT Pros that outlines the steps Microsoft has taken as well as steps you can take to take advantage of all available protections.
One action that you can take immediately is to ensure that your computers are able to reach the following endpoint:
http://adl.windows.com
This may involve adding this URL to your company’s whitelist which may require approval from your security group. This endpoint is used to communicate updates to Microsoft’s compatibility information with client computers. By ensuring your computers can reach this endpoint, you can help them get the most up-to-date information Microsoft has available about supported antivirus solutions and versions, security update statuses, etc.
more details here