This week, two CPU-based vulnerabilities, Meltdown and Spectre, were identified, leaving Intel, Microsoft and others scrambling to create fixes and workarounds.
Meltdown is the more immediate threat, although so far there have been no reports of in-the-wild attacks. The good news is that Microsoft has a patch in place, and Intel is developing firmware fixes that should mitigate much of the concern.
The issue, of course, is that a patch or fix is no good unless it is properly installed and deployed on all relevant endpoints.
Meltdown and Spectre are similar in that they exploit newly found vulnerabilities in popular processors. The risk is that hackers can take advantage of these hardware issues to devise attacks that steal data from and across applications. This includes passwords, private documents, contacts, and even financial information.
The vulnerabilities are in part due to the need for speed, especially around moving data from more frequently used applications into faster memory and caches, the latter of which are actually managed by the processor. At the same time, the OS kernel tries to keep this data safe and separate from other applications. With these exploits, that protection can be compromised.
Meltdown vs. Spectre
Meltdown can exploit vulnerabilities in all Intel CPUs going back to 1995, adding up to hundreds of millions of devices. Meltdown can obtain information by “snooping” on memory used by the kernel.
Spectre is seemingly more dangerous in that it can impact all three major processor families: Intel, AMD, and ARM. Using “speculative execution” (thus the name Spectre), this proof-of-concept exploit can steal forward-looking data held in the cache. Today, Spectre is less developed as an actual exploit, and that should allow time for effective fixes. However, some experts believe the only way to be safe in the long run is to replace all CPUs.
meltdownattack.com explains the difference succinctly.
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location. For a more technical discussion we refer to the papers (Meltdown and Spectre).
The good news about both exploits is that they can effectively only snoop on or steal snippets of data. It would take a great deal of effort to fully compromise a system.
Do Not Call It a Bug or Flaw
Intel is taking umbrage at having its chips called “flawed,” noting “Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits,” Intel said. “Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
Kaseya Automation Exchange to the Rescue
At Kaseya, we take security seriously, especially as our MSP customers often support hundreds of clients or more. Our experts stay close to the action through our security response team. We also stay close to customers who share fixes through the Kaseya Automation Exchange, which was built to help users of VSA by Kaseya benefit from the security fixes and custom automation that other Kaseya VSA customers have built.
Kaseya also shares solutions built by in-house experts.
The surefire way to be protected is to keep your machines up to date. As such, leveraging Kaseya Patch Management and Kaseya Software Management will keep your systems current.
Based on this article from Microsoft, our Automation Exchange engineers have released an agent procedure that will protect against the Meltdown vulnerability. You can download this agent procedure here.
Our Automation Exchange engineers have also put together an agent procedure that will scan your endpoints for the Meltdown vulnerability to determine if they are safe or need to be patched. You can download this agent procedure here.
For users on our Cloud/SaaS platform, we are currently testing the Microsoft patch before releasing it to production. We expect to have the fixes out as soon as possible.
Meanwhile, integration with Kaseya VSA means that you have already automatically discovered your endpoints, have details on their status, and can fully automate the patching process.
If you are concerned that the Microsoft emergency security patch isn’t compatible with your antivirus tools, the Kaseya Automation Exchange can help provide insight.
Learn more with the Kaseya Knowledgebase article Meltdown and Spectre FAQs.