Over the past few days you may have heard of some new security flaws that have been discovered, known as Spectre and Meltdown. Whether you have or not, here is a very simplistic explanation, without too much technical jargon, explaining what has been found.

In almost all technology we use, there is a CPU (processor), otherwise known as the brains of a computer, that performs calculations, actions and runs programs. Everything from your smart-watch through to the servers used to run ‘the cloud’ involve a CPU to process information. While it is not the only processor in modern computers, it is the most important, handling information that passes between other components in the system.

What has been found by a number of independent researches is that many modern processors suffer from this new security flaw, which use a common function in processors known as ‘speculative execution’. Put simply, to improve performance, most processors try to guess what a computer program is going to do and plans ahead and if it guesses incorrectly, it does not apply the plan it made. Unfortunately what has been found is that traces of what the processor was going to do remain and that a well crafted exploit could leak privileged information from this area to unprivileged programs (or people!).

While it’s actually quite difficult to do, attacks may look like the following, since they are attacking the underlying CPU in the physical system:

  • For personal devices, attacks can be crafted from a malicious website for example to extract passwords or other information on your device that the remote system should not have access to.
  • For shared systems, such as Remote Desktop servers where multiple users access the same system, a user on that system could steal information from another users session.
  • For Cloud providers, where multiple companies use the same servers for virtual machines, one user or operating system could steal data from another parts of the system, such as the host server or other virtual machines on the same physical server.

 

While there are no known exploits in the wild attacking these security flaws yet, it is only a matter of time until these methods are utilized to try and steal data.

There are reports that this will decrease performance in some systems, since the function that contains the security flaw is used to increase performance, but how much performance is impacted will depend on the system in question and what it does.

So how do we stop this? Fortunately most vendors have released, or are releasing this week patches for the systems to no longer use these techniques that contain the security flaw. Cloud vendors are patching, or have already patched their systems. Web Browser vendors are also releasing patches to mitigate these attacks as well.

If you are a RODIN customer, your systems will be patched automatically through our patching systems. We will be monitoring our customers environments also, running reports against all machines to ensure they are protected against this specific vulnerability and reaching out to anyone where the patch is not automatically applied for whatever reason to ensure it is done manually.

If you are using RODIN’s recommended security platform, Sophos Central, then the operating system updates have already been tested and confirmed compatible with their solution. See https://community.sophos.com/kb/en-us/128053 for further details on this.

Google’s Project Zero, who were one of the teams who discovered this bug, have published a detailed descriptions of the research into the issue. It’s a very technical document, but explains it in detail: https://googleprojectzero.blogspot.com.au/2018/01/reading-privileged-memory-with-side.html

Should you be interested in any further reading, information can be found here:

https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/​

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

http://www.abc.net.au/news/science/2018-01-04/intel-chip-flaw-a-security-threat/9303280

 

If you have any follow up questions about this security flaw or how to ensure your systems are protected, please contact us on 1300 138 761 or contactus@rodin.com.au

Share This