Comments Off on AssuranceData Meltdown/Spectre Security Alert
Spectre and Meltdown Overview and Mitigation Details
Overview: As of January 3rd, 2018, multiple vendors started publicly releasing patches for CRITICAL security flaws related to modern CPU architecture vulnerabilities “Spectre” and “Meltdown”.
Spectre: Exploits speculative (predictive) execution to allow user process to see Kernel memory
Meltdown: Exploits a Kernel process flaw that runs rogue data (out of order execution) when a process is faulted from a user process
Windows has updates [MANUALLY DEPLOYED] in some cases.
The patches can conflict with certain Antivirus products and cause a blue screen. o To get the patches, a registry key must be set
Some AV vendors are setting the registry key automatically
Other hardware firmware updates are often required