Guide to understanding the Meltdown and Spectre vulnerabilities and their mitigation.
On 3rd January 2018, Google's Project Zero team discovered the side-channel vulnerabilities Meltdown and Spectre.
The whole IT world is preoccupied with two major vulnerabilities, Meltdown and Spectre, which exploit critical flaws in modern processors. These vulnerabilities are the result of design flaws in the processors themselves, and they allow programs to steal data that is currently being processed on the computer. While a program is normally not permitted to read the data of other programs, a malicious program can exploit Meltdown and Spectre to obtain secrets held in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents. The two work in different ways, affect different processors to varying degrees, and require different fixes.
They are also referred to as "speculative execution side-channel attacks", and they affect many modern processors from Intel, AMD and ARM, along with the operating systems that run on them. OS and hardware vendors are providing various fixes to deal with these vulnerabilities. The main fix is to patch the OS and to update the BIOS/firmware of your hardware. Let's discuss Meltdown and Spectre in depth; visit the link for the vendor advisories that address these vulnerabilities:
Meltdown – CVE-2017-5754 (Rogue data cache load)
Why is it called Meltdown?
The vulnerability essentially melts the security boundary between user-space and kernel memory addresses that is normally enforced by the hardware.
Meltdown is a CPU vulnerability that allows a user-mode program to read privileged kernel-mode memory. It affects all out-of-order Intel processors released since 1995, with the exception of Itanium and pre-2013 Atom processors. No AMD processors are affected by Meltdown. Of the two, Meltdown is the one that is readily addressed by OS security updates.
Spectre Variant 1 – CVE-2017-5753 (Bounds check bypass) &
Spectre Variant 2 – CVE-2017-5715 (Branch target injection)
Why is it called Spectre?
The name is based on the root cause, speculative execution. Because it is not easy to fix, it will haunt us for quite some time.
Spectre isn't so much a specific vulnerability as a new class of attack. It is enabled by the unintended side effects of speculative execution, which processors use to speed things up by predicting which instructions they are about to execute and running them ahead of time.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.
There are two flavors of Spectre: variant 1 (bounds check bypass, CVE-2017-5753) and variant 2 (branch target injection, CVE-2017-5715). Both can potentially allow attackers to extract information from other running processes. Intel, ARM and AMD processors are all reportedly affected by Spectre to some degree, and it poses significant patching problems. While operating system and browser updates have helped reduce the risk from Spectre, experts agree that the only true fix is a hardware update.
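To make the bounds check bypass (variant 1) concrete, here is an added C example. It is not code from the page and not any vendor's mitigation code: the lookup table, the probe buffer and the function names are constructed for illustration. It shows the code shape that speculation can abuse (a correct bounds check followed by a dependent memory access) beside a hardened version that clamps the index with a branchless mask, the same idea as the Linux kernel's array_index_mask_nospec. The example goes a little beyond the text by showing the general masking routine rather than only the one table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a 16-entry lookup table and a "probe" buffer with
 * one 64-byte cache line per possible table value. */
#define TABLE_SIZE 16
#define LINE_BYTES 64
static const uint8_t table[TABLE_SIZE] = {
    7, 3, 9, 1, 4, 8, 2, 6, 5, 0, 11, 13, 15, 12, 10, 14
};
static uint8_t probe[256 * LINE_BYTES];

/* Fill probe once so that probe[v * LINE_BYTES] == v; this lets the lookups
 * return a checkable value instead of whatever happens to be in memory. */
static void ensure_probe(void) {
    static int done = 0;
    if (!done) {
        for (size_t i = 0; i < sizeof probe; i++) {
            probe[i] = (uint8_t)(i / LINE_BYTES);
        }
        done = 1;
    }
}

/* The vulnerable shape described in the text. Architecturally the bounds
 * check is correct, but if the branch predictor guesses "in bounds" for an
 * idx that is not, the CPU may speculatively read table[idx] past the end of
 * the array and touch probe[...] based on that byte. The speculative work is
 * discarded, yet the cache line it pulled in stays behind as a side channel. */
uint8_t lookup_unsafe(size_t idx) {
    ensure_probe();
    if (idx < TABLE_SIZE) {
        return probe[(size_t)table[idx] * LINE_BYTES];
    }
    return 0;
}

/* Branchless mask: SIZE_MAX (all ones) when idx < size, 0 otherwise.
 * For idx < size both idx and size-idx-1 are small, so the top bit of their
 * OR is clear and (0 - 1) wraps to all ones; for idx >= size the subtraction
 * wraps and sets the top bit, so (1 - 1) yields 0. No branch is involved, so
 * a mispredicted bounds check cannot skip it. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t t = idx | (size - idx - 1);
    return (t >> (sizeof(size_t) * 8 - 1)) - 1;
}

/* Index that is safe to use even on a mispredicted path: unchanged when in
 * bounds, forced to 0 when out of bounds. */
size_t clamp_index(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Hardened form: same architectural result as lookup_unsafe for a valid idx,
 * but a speculative out-of-bounds read becomes a harmless read of table[0]. */
uint8_t lookup_safe(size_t idx) {
    ensure_probe();
    if (idx < TABLE_SIZE) {
        size_t safe_idx = clamp_index(idx, TABLE_SIZE);
        return probe[(size_t)table[safe_idx] * LINE_BYTES];
    }
    return 0;
}

int main(void) {
    printf("unsafe(3)=%u safe(3)=%u mask(3)=%zx mask(16)=%zx clamp(40)=%zu\n",
           (unsigned)lookup_unsafe(3), (unsigned)lookup_safe(3),
           index_mask_nospec(3, TABLE_SIZE), index_mask_nospec(16, TABLE_SIZE),
           clamp_index(40, TABLE_SIZE));
    return 0;
}
```

The masking only helps if the compiler keeps it branchless, so inspect the generated assembly for the hardened function on the toolchain you actually ship with; the alternative is a speculation barrier (an LFENCE on x86) after the bounds check, which is what MSVC's /Qspectre option inserts for this pattern. Neither addresses variant 2, which needs the microcode and OS-level mitigations discussed below.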
Steps to Mitigate:
Make sure to patch your OS with the latest security updates so that your systems are protected from these vulnerabilities. Visit the Microsoft advisory below for patch details:
Keep your antivirus definitions up to date, but note that typical antivirus programs are built on signature matching and may not be able to detect exploitation of these vulnerabilities. Microsoft requires third-party antivirus vendors to set a registry key on the machine running their antivirus software; without it, that machine will not receive any of the following fixes from Microsoft.
Enable Windows Protection:
Whether or not you have an antivirus program installed, Microsoft recommends enabling some registry changes on the OS side for extra protection. Systems that do not have the required registry changes will not receive future security updates for these vulnerabilities.
The registry changes are also part of the mitigation for Spectre Variant 2 (CVE-2017-5715, branch target injection) and Variant 1 (CVE-2017-5753, bounds check bypass). While Intel and AMD update the microcode for their processors (delivered as BIOS/firmware updates), Microsoft has provided this registry fix to mitigate these vulnerabilities.
Make sure to back up the registry before making any changes.