Follow

Meltdown and Spectre

Created by: Jerry Thiesen
Created date:
Last Updated date:

Overview

On January 2, 2018, a serious design flaw in Intel CPUs was reported that could be exploited by attackers to gain unauthorized access to a computer’s memory. These vulnerabilities, dubbed Meltdown and Spectre, affect nearly all modern processors and can only be mitigated through operating system patches. While these vulnerabilities are significant, their exploitation requires that an attacker gain access to a targeted computer via a prior step.

Due to the nature of these vulnerabilities, AccessData recommends that its users apply operating system patches as soon as they are made available. Patches addressing the Meltdown vulnerability have already been released for Microsoft Windows (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002). Patches for the Spectre vulnerability are not yet available, as the vulnerability is reportedly more difficult to patch, but also more difficult to exploit.

Please also note that operating system vendors have already warned that patching is likely to have a performance impact on affected computers. However, based on these early reports, AccessData does not believe that the impact will be noticeable on most systems.

 

Question

What are Meltdown and Spectre?

Answer

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.


Question

Am I affected by the Meltdown and Spectre vulnerability?

Answer

Almost certainly, YES. These vulnerabilities effect: desktops, laptops, cloud computers, and mobile devices.

More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). Currently, it has only verified Meltdown on Intel processors. At the moment, it is unclear whether AMD processors are also affected.

 

Question

What should I do to protect my AccessData servers and information?

Answer

AccessData recommends that its users apply operating system patches as soon as they are made available. Patches addressing the Meltdown vulnerability have already been released for Microsoft Windows (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002).

 

Question

Is there more technical information about Meltdown and Spectre?

Answer

Yes, there is an academic paper , a blog post about Meltdown, and an academic paper about Spectre. Furthermore, there is a Google Project Zero blog entry about both attacks.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk