Are You Ready For Meltdown & Spectre Vulnerabilities?

Every single device from servers, PCs and smartphones to any cloud system dependent on modern Intel, AMD and ARM processors is affected by major security flaws.

Is your security infrastructure ready for Spectre (CVE-2017-5715 branch target injection) and Meltdown (CVE-2017-5754 rogue data cache load) attacks? Picus' customers already have the answer!

Meltdown & Spectre

What are the Spectre and Meltdown vulnerabilities?

The Spectre and Meltdown attacks, released on January 2, 2018, exploit critical vulnerabilities in modern processors to disclose sensitive data.

Meltdown exploits CVE-2017-5754, and Spectre exploits CVE-2017-5753 and CVE-2017-5715.

Using malicious programs that exploit the aforementioned vulnerabilities, an attacker can read the memory of other processes running on the same system, which contains sensitive data such as passwords or emails. In addition to personal computers and mobile phones, server systems and virtualized environments are also affected by these attacks.

Read more in: https://spectreattack.com

Which systems are affected?

The Spectre and Meltdown attacks affect almost every server, personal computer, mobile device and cloud system dependent on modern Intel processors. Additionally, the Spectre flaw has been observed to affect AMD and ARM processors, which have a similar architecture.

Solution Alternatives

1. Identifying Affected Systems

In order to identify whether these vulnerabilities exist in your Microsoft Windows systems, you can follow the steps below:

PS C:\> Install-Module SpeculationControl
PS C:\> Get-SpeculationControlSettings

If every setting in the script's output reads “True”, as displayed below, you are not affected by these vulnerabilities.

Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: True

Read more in:
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
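
The PowerShell below is an added example, not part of the original article or of Microsoft's module: it evaluates the object returned by Get-SpeculationControlSettings instead of reading the text output by eye, and treats "Hardware requires kernel VA shadowing" as a statement about the CPU rather than as a mitigation. The helper name Test-SpeculationMitigation and the sample values are constructed for illustration, and the property names are assumed to match those emitted by the SpeculationControl module.

```powershell
# Hypothetical helper (not part of the SpeculationControl module).
function Test-SpeculationMitigation {
    param(
        [Parameter(Mandatory)]
        [psobject]$Settings
    )

    # CVE-2017-5715 (branch target injection): mitigated only when hardware
    # (microcode) support, OS support and the enabled flag are all true.
    $btiOk = $Settings.BTIHardwarePresent -and
             $Settings.BTIWindowsSupportPresent -and
             $Settings.BTIWindowsSupportEnabled

    # CVE-2017-5754 (rogue data cache load): KVAShadowRequired = True means the
    # CPU needs the mitigation, so OS support must then be present and enabled.
    # A CPU that does not require kernel VA shadowing passes this check as is.
    $kvaOk = (-not $Settings.KVAShadowRequired) -or
             ($Settings.KVAShadowWindowsSupportPresent -and
              $Settings.KVAShadowWindowsSupportEnabled)

    [pscustomobject]@{
        BranchTargetInjectionMitigated = [bool]$btiOk
        RogueDataCacheLoadMitigated    = [bool]$kvaOk
        PcidOptimizationEnabled        = [bool]$Settings.KVAShadowPcidEnabled
        AllMitigationsActive           = [bool]($btiOk -and $kvaOk)
    }
}

# Constructed sample: OS patch installed, firmware/microcode update still missing.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $true
}
Test-SpeculationMitigation -Settings $sample

# On a live host, pass the module's own result instead of the sample:
# Test-SpeculationMitigation -Settings (Get-SpeculationControlSettings)
```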

2. Applying Patches

Microsoft has released the KB4056892 patch for the Windows 10 and Server 2016 operating systems. The confirmed release date for Windows 8 and 7 security patches is January 9.

Read more in:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892

After identifying compatibility problems with certain antivirus products, Microsoft proposed the following solution:
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

For distributions using the GNU/Linux kernel, updating the kernel through the distribution's package manager is recommended. Via this link, you can see further suggestions concerning different distributions.

3. Providing Protection via Security Systems

Research conducted by Picus Security Labs has verified that most network security products still do not have signatures that block these attacks.

To see the current results of the analysis conducted on end-user security devices, please click here.

How can Picus Security help?

Picus Security developed and published relevant attack samples on the very same day the attacks were announced.

This way, Picus customers were able to test the prevention effectiveness of their network and endpoint security systems against these attacks.

To reveal the level of protection against Meltdown and Spectre provided by your enterprise security systems, please contact us through demo@picussecurity.com. Within only three hours, you can evaluate and report the effectiveness of your security stack against the Meltdown and Spectre attacks along with a vast number of up-to-date cyber attacks.