Spectre-Meltdown For Ottawa IT Support Users

Users of computer services in Ottawa ought to be aware of the vulnerabilities Spectre-Meltdown. Spectre-Meltdown targets AMD, ARM and intel processors, and can lead to leaking of sensitive information from any machine, regardless of the operating system they are running. Due to the nature of the vulnerabilities, vendors are having issues with releasing patches that do not affect the performance of their client's machines. So what is Spectre-Meltdown and what are the implications of their being used in the field? Below is a brief, simplified explanation of the vulnerabilities, and how they could affect companies in Ottawa who use IT.


Meltdown is a side-channel attack (an attack based on information gathered from hardware activity) that exploits the speculative execution feature of most modern processors. Speculative execution is one of many techniques that is used in processors to increase their performance. Meltdown uses speculative execution to access protected kernel memory and leak all sensitive data including passwords or cryptographic keys. Meltdown is the more serious vulnerability, but it also has the more limited scope as it mostly Intel processors, although some ARM and IBM processors are said to be affected as well. Users of managed services in Ottawa should exercise caution as Intel released firmware updates to address the Meltdown vulnerability in their processors at the end of January and some issues such as unexpected reboots and performance reductions were reported. Intel released new firmware patches as of 21st February, which seem to address issues that arose from the January update, but it seems to be limited to newer processor families. All major OS vendors have released patches for their operating systems. Microsoft have released a Meltdown-Spectre detection tool to help system administrators determine their systems are not vulnerable to exploitation.


Spectre: Spectre is a somewhat similar to Meltdown, in that it also targets the speculative execution feature of modern processors, The major difference between the 2 is that while Meltdown can access kernel level data, Spectre can only access data relating to the process being exploited. The writers of the Spectre white paper have also shown that the exploit can be used to break out of sandboxes provided by browsers, and virtual machines. This means that it can be used to launch a remote attack and can affect host operating systems and hypervisors running virtual machines. Spectre is the vulnerability with the broader range as it affects ARM, AMD and Intel processors, but exploitation needs to be tailored to the target environment. IT consulting clients in Ottawa will be dismayed to know that, due to the nature of Spectre vendors are having issues releasing patches that do not affect system stability and performance.


It's not all doom and gloom when it comes to Spectre-Meltdown. Users of tech support services in Ottawa, will be relieved to know, that Spectre-Meltdown is at the proof of concept level at the time of writing, this means that neither have been found in the wild. Due to the highly technical nature of each vulnerability, it is unlikely to be found before stable patches can be released.


<< Previous Security article
 
 


Contact Firewall Technical:

Ottawa IT Support