Meltdown and Spectre Vulnerabilities - Quick Overview
If you are reading this post, it means that you have already heard about a critical vulnerabilities discovered in CPUs of different vendors including Intel, AMD and ARM. If you have been living under a rock then go to Meltdown ans Spectre
Smartphones, tablets, laptops, PCs, MACs, cloud devices, servers and 99% of CPUs released since 1995 are affected.
What is this about?
Meltdown and Spectre are two major vulnerabilities in modern processors, undermining layers of security features introduced by applications on your system, resulting in leakage of ANY data in clear form (encrypted/not encrypted).
In short, if you are using the most secure password manager with the latest encryption technology to secure your credentials and private information, you need to be worried.
More exploits are underway, but below you can see one demonstration of stealing passwords via Meltdown vulnerability in real-time:
Spectre vulnerability exploitation:
When a lower layer of your system (hardware) is vulnerable to such extent, the security of the upper layers (software) does not really matter.
How does this happen?
Normally CPUs isolate application memories from each other by marking kernel addresses as non-accessible. This design is introduced for security reason, we do not want
Application A to access sensitive data of
Application B stored in a memory, because this would allow a malicious actor to access all your secrets with a single application. Both Meltdown and Spectre make use of bug in isolation, resulting in potential leakage of ANY data stored in memory
Meltdown affects any operating system running on a vulnerable CPU and it does not depend on vulnerabilities in a software. It enables reading memory of other processes and virtual machines in the cloud at the speed of 503 KB/s.
Meltdown - allows applications to access arbitrary system memory. After installing a malicious software on your system, attacker can access sensitive data stored in the system memory.
Important issues with these vulnerabilities is that when exploited, they do not leave any traces or logs. Thus undermining the need for accountability.
Am I affected?
Windows users you can run following PowerShell commands with elevated privileges to check if you are affected. This will install Microsoft's SpeculationControl module, run it and display results.
PowerShell as Administrator
Install-Module SpeculationControl- Install Microsoft's SpeculationControl module
- You will be asked to confirm if you want to download and install the module
- If you are receiving an error, then most probably you need to change the execution policy of PowerShell by running following command:
Get-SpeculationControlSettings- this will check your system and output results
If you see text in red similar to screenshot below, it means that your system is affected:
For Linux users you can refer to a method of checking, published on GitHub:
Am I affected by Meltdown?! Meltdown (CVE-2017-5754) checker
Issues with patches and fixes
- Microsoft will release patches for the system which have a specific key in a registry. Company instructed vendors, that in order to protect customer devices, AV companies should insert a string in a registry, confirming that the patches will not affect their software and/or users. So when you receive a confirmation from AV that patches will work as intended, if you don't want to wait for an update make following changes:
- Go to
- Add following
- Patches that are underway might incur at least 30% performance depreciation in all your existing implementations. Therefore you are strongly advised to speak with cloud service providers asap about potential increased costs and available patches
What should I do?
- Install BIOS and Firmware updates from official manufacturers
- Install latest Operating System patches
- Note, certain Antivirus software might not be compatible with latest patches resulting in stop errors a.k.a "Blue Screen of Death". Before installing patches you are advised to check this with your provider.
- Keep your browsers and software up-to-date
- Amp your safe browsing game by installing following plugins:
- Or use browsers like ToR and Brave to limit scripts on some extent
- Take care of physical security of your devices - do not give access to smartphones, laptops and other devices to untrusted users
- Do not install suspicious or pirated software - Pirated software are well known to exposing users to different types of malware
What should the business do?
- Warn your employees about the vulnerability and potential risks in layman's terms, ask them to be vigilant- refer technical audience to official research papers
- Test and install BIOS and Firmware updates from official manufacturers
- Test and install latest Operating System patches, also check if Antivirus Provider is supporting those patches
- Push updates to browsers
- Run installed software checks, make sure that any unauthorized software is removed
- Be wary of waves of phishing attacks and prepare a plan to counter measures
- Contact third parties and vendors, make sure that they are aware of this issue.
- If you are using cloud services - contact providers and ask for timelines for fixing vulnerabilities and clarify additional processing costs.
Available patches and advisories
- Android Security Bulletin
- Google recommends to enable Site Isolation for chrome until the patch is released
This post will be updated with new information
If you find this content useful, feel free to share it with your friends and family. Owls love humans, so if you want to keep in touch make sure to sign up for CypherOwl Newsletter. Let me know what you think from the comments section below.