Are You Ready For Meltdown & Spectre Vulnerabilities?
Every single device from servers, PCs and smartphones to any cloud system dependent on modern Intel, AMD and ARM processors is affected by major security flaws.
The Spectre and Meltdown attacks, released on January 2, 2018, are known to exploit critical vulnerabilities in modern processors to disclose sensitive data.
Meltdown exploits the CVE-2017-5754 vulnerability, and Spectre exploits the CVE-2017-5753 and CVE-2017-5715 vulnerabilities.
Using malicious programs that exploit these vulnerabilities, an attacker can read the memory of other processes running on the same system, which may contain sensitive data such as passwords or emails. In addition to personal computers and mobile phones, server systems and virtualized environments are also affected by these attacks.
Read more at: https://spectreattack.com
The Spectre and Meltdown attacks affect almost every server, personal computer, mobile device and cloud system dependent on modern Intel processors. Additionally, the Spectre flaw is observed to affect AMD and ARM processors, which have a similar architecture.
To identify whether these vulnerabilities exist on your Microsoft Windows systems, run the following commands in PowerShell:
PS > Install-Module SpeculationControl
PS C:\> Get-SpeculationControlSettings
If every setting in the script output reads “True”, as displayed below, you are not affected by these vulnerabilities.
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: True
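The check above can be scripted across many hosts. The following is an added example, not code from the original page or from Microsoft: `Test-SpeculationMitigation` is a hypothetical helper, the property names are those of the object that Get-SpeculationControlSettings returns, and the sample object is constructed. It goes slightly beyond the all-"True" reading by treating kernel VA shadowing as necessary only when the hardware requires it.

```powershell
# Added example. Property names are those of the object returned by
# Get-SpeculationControlSettings; Test-SpeculationMitigation is a hypothetical helper.
function Test-SpeculationMitigation {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Settings
    )
    process {
        # CVE-2017-5715: hardware support, OS support and enablement are all required.
        $btiGaps = @()
        if (-not $Settings.BTIHardwarePresent)       { $btiGaps += 'hardware support missing' }
        if (-not $Settings.BTIWindowsSupportPresent) { $btiGaps += 'Windows OS support missing' }
        if (-not $Settings.BTIWindowsSupportEnabled) { $btiGaps += 'mitigation not enabled' }

        # CVE-2017-5754: kernel VA shadowing matters only when the hardware requires it.
        # KVAShadowPcidEnabled is a performance optimization and is not counted as a gap.
        $kvaGaps = @()
        if ($Settings.KVAShadowRequired) {
            if (-not $Settings.KVAShadowWindowsSupportPresent) { $kvaGaps += 'Windows OS support missing' }
            if (-not $Settings.KVAShadowWindowsSupportEnabled) { $kvaGaps += 'kernel VA shadow not enabled' }
        }

        # One result row per CVE, listing whatever is still missing.
        [pscustomobject]@{ CVE = 'CVE-2017-5715'; Mitigated = ($btiGaps.Count -eq 0); Gaps = $btiGaps -join '; ' }
        [pscustomobject]@{ CVE = 'CVE-2017-5754'; Mitigated = ($kvaGaps.Count -eq 0); Gaps = $kvaGaps -join '; ' }
    }
}

# Constructed sample: OS patch installed, but no hardware support for CVE-2017-5715 yet.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $true
}
$sample | Test-SpeculationMitigation | Format-Table -AutoSize

# On a live host with the module installed:
# Get-SpeculationControlSettings | Test-SpeculationMitigation
```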
Microsoft has released the KB4056892 patch for the Windows 10 and Server 2016 operating systems. The confirmed release date for the Windows 8 and 7 security patches is January 9.
After determining inconsistencies experienced by certain Antivirus products, Microsoft proposed the following solution:
For distributions using the GNU/Linux kernel, it is recommended to update the kernel using the distribution's package manager. Via this link, you can see further suggestions concerning different distributions.
Research conducted by Picus Security Labs has verified that most network security products still do not have signatures that block these attacks.
To see the current results of the analysis conducted on end-user security devices, please click here.
Picus Security developed and published relevant attack samples on the very same day the attacks were announced.
This way, Picus customers were able to test the prevention effectiveness of their network and endpoint security systems against these attacks.
To reveal the level of protection your enterprise security systems provide against Meltdown and Spectre, please contact us through firstname.lastname@example.org. Within only three hours, you can evaluate and report the effectiveness of your security stack against the Meltdown and Spectre attacks, along with a vast number of up-to-date cyber attacks.