Blog
Meltdown and Spectre: The two new security vulnerabilities explained
January 4th, 2018
Various researchers, including Google Project Zero, have today disclosed two critical processor vulnerabilities, named “Meltdown” and “Spectre”.
These vulnerabilities affect laptops and workstations from all major manufacturers including HP, Dell, Microsoft, Apple etc.
Essentially, they allow programs to steal data which is currently processed on a computer. This could include passwords stored in a password manager or a browser, photos, emails, instant messages or documents.
Typically programs cannot read data from other programs. However, a malicious program can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs.
The implications of these bugs are far-reaching and can affect personal computers, mobile devices and the cloud. The QuoStar team have collated the following information about both hardware bugs for your convenience below.
What is Meltdown?
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the details of other programs and the operating system.
Every Intel processor which implements out-of-order execution is potentially affected by Meltdown. This means that every processor since 1995 (except Intel Itanium and Intel Atom before 2013) could be vulnerable, which may affect desktop, laptop and cloud computers. It is currently unclear whether Meltdown also affects ARM and AMD processors.
At QuoStar we are continually monitoring the situation and all workstations and servers that we manage are showing as clear of any malicious software. Our monitoring systems will alert us to any potential problems, and we will keep our clients informed of any new information.
However, if your computer does have a vulnerable processor and is running an unpatched operating system, then researchers are recommending not to work with sensitive information due to the potential for data leak.
What is Spectre?
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices into leaking their details.
Spectre affects all desktop, laptops, cloud server and smartphones. Specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. Spectre has been verified on Intel, AMD and ARM processors by researchers.
What should I do?
Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses attacks by comparing binaries after they are known.
Microsoft has released a security patch, which we are working to apply to applicable client systems. However, there are some limitations in terms of the compatibility with this patch and some Anti-Virus products. Therefore it may be necessary to wait for Microsoft to release an improved patch before it is applied to all systems. We keep all clients aware of current and future planned patching activity.
There are also patches against Meltdown for Linux and OS X. Furthermore, there is work to harden software against future exploitation of Spectre, respectively to patch software after exploitation.
We recommend to our clients that they update any device which is not managed by QuoStar as soon as practicable.
If you would like to read further information on either vulnerability, researchers have set up a website called Meltdown Attack.
The QuoStar team are here to assist with any Meltdown or Spectre queries or issues, please give us a call on 01202 055400 for further advice.
How can law firms reduce the risk of cloud services
Rapid change within the legal sector nationally and internationally has made many firms look to the cloud for solutions. In times of turbulence, legal firms and, in fact, other businesses look for change, to get an edge over the competition, to pick up that golden chalice dangled in front of their noses by a smart […]
What is Security as a Service?
Security as a service (SECaaS) is the outsourced management of business security to a third-party contractor. While a cyber-security subscription may seem odd, it’s not much different from paying for your anti-virus license. The difference is that SECaaS is the combination of a lot of security products wrapped up into one more central service. The […]
QuoStar’s 10 Year Anniversary: 10 lessons we’ve learnt
2015 is QuoStar’s 10th anniversary. We have come a long way from a shoe-box office with no windows and no clients to where we are today. We have learnt so many lessons as we’ve probably hit most bumps in the road along the way. However, I wouldn’t change that as that experience is what makes […]