Until this week, Spectre was just the fictitious name of a secret organisation bent on world domination in a James Bond movie. Today, it is something far more real, though equally as sinister –a design flaw in Intel microprocessors that leaves any data in their memory vulnerable to malicious exploitation.
Unfortunately, Intel is not the only CPU at risk here. So are processors from Arm and AMD. AMD admits its CPUs are vulnerable in ‘some situations’ whereas Arm has published a list of affected cores, most of which are in mobile devices.
The cause of the vulnerability is due to the way modern, high-speed CPUs work. In order to operate faster, these chips attempt to guess which instructions they will be given next. In doing this, they fetch the data necessary to carry these instructions out. This data is known as speculative code. If the CPU makes the wrong guess, it has to remove the speculative code and call the code which is actually required instead.
Unfortunately, one of the issues with these chips is that they do not completely remove the remnants of speculative code, and so parts of it remain stored in temporary caches where it can be accessed at a later time. The problem here is that cleverly coded malware can make it possible to discover that information from the contents of the CPU’s kernel memory.
It has now been discovered that there are two main vulnerabilities around the exploitation of speculative code in modern CPUs – these have been named as Meltdown and Spectre.
Meltdown can be employed by normal computer applications to read the contents of private kernel memory. The vulnerability has an enormous reach, potentially affecting all ‘out-of-order execution’ Intel processors that have been manufactured since 1995, with the exception of Itanium and Atom (built before 2013).
If you have these chips installed, there are now temporary workaround patches available for Apple, Windows and Linux. You should update your operating system without delay. The patches work by moving the operating system kernel to a separate virtual memory. Although this improves security, those with high processing demands may notice an effect on performance, depending on the CPU model and the software being run.
Whilst Meltdown does not affect AMD processors, users of other brands besides Intel may be affected.
Important note for Windows users
Microsoft has released a patch to block the Meltdown vulnerability. However, before installing, users and administrators should check that their antivirus software is compatible with the patch. Failure to do so could result in the blue screen of death. This is because the antivirus package needs to update a registry key before installation can occur. For this reason, Microsoft has set the update to apply only when the registry key has been changed.
Spectre enables user-mode applications to extract data from their own processes and others being run on the same system, for example, it could extract all the login cookies stored in a browser’s memory. One of the problems with Spectre is that it is a difficult vulnerability to patch – at present, there are no solid fixes available for either Intel or AMD CPUs. Luckily, the vulnerability is equally as challenging to exploit.
With regard to protecting yourself against a Spectre attack, the advice at present is to:
- install any operating system and firmware security updates as soon as possible
- do not run any untrusted code
- consider turning on Chrome’s site isolation to prevent malicious websites from attempting to steal session cookies
- Xen hypervisor users should install security patches when they are available.
- VMware’s ESXi, Workstation and Fusion hypervisors also need patching
Information for eUKhost Customers
Staff at eUKhost are keeping fully up-to-date with developments regarding Spectre and Meltdown. As part of our managed services, we are installing patches as soon as they become available from vendors and open source maintainers, just as we do with all other security issues. As you would expect, we have a highly vigilant monitoring system in operation together with a range of other effective security measures.
The patches currently being released are a temporary workaround until Intel and the other processor manufacturers find a permanent solution. This is expected within the next week.
If you are an eUKhost customer and are concerned about the security of your system, please contact our 24/7 customer support team.