Spectre and Meltdown Overview and Mitigation Details
Overview: As of January 3rd, 2018, multiple vendors started publicly releasing patches for CRITICAL security flaws related to modern CPU architecture vulnerabilities “Spectre” and “Meltdown”.
- Spectre: Exploits speculative (predictive) execution to allow a user process to see kernel memory
- Meltdown: Exploits a kernel process flaw that runs rogue data (out-of-order execution) when a process is faulted from a user process
- Windows has updates [MANUALLY DEPLOYED] in some cases.
  - The patches can conflict with certain antivirus products and cause a blue screen.
    - To get the patches, a registry key must be set
    - Some AV vendors are setting the registry key automatically
  - Other hardware firmware updates are often required
- Apple states that updates are coming: https://support.apple.com/en-us/HT208394
- RedHat has updates available: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- Cisco claims that updates are coming but exposure is limited: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
- Update Firmware on all devices when related patches are released
- Update all Operating systems when related patches are released
- Provide layered security protections, behavioral analytics, and data transmission monitoring and control
- Spectre/Meltdown system health checks
- Spectre/Meltdown exploit detection tools
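
A minimal form of the system health check listed above, for Linux hosts. This is an added example, not code from the original page. It assumes a kernel that publishes per-issue status files under `/sys/devices/system/cpu/vulnerabilities`; the function names and the OK/PARTIAL/VULNERABLE/UNKNOWN labels are this example's own.

```python
"""Report Spectre/Meltdown mitigation status from Linux sysfs."""
from pathlib import Path

# Assumption: the kernel exposes one status file per issue in this directory
# (mainline Linux does so since 4.15; older kernels lack it).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map a sysfs status string to OK, PARTIAL, VULNERABLE or UNKNOWN."""
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "OK"
    if s.startswith("mitigation:"):
        # Kernels may append qualifiers to a mitigation line; any
        # "vulnerable" qualifier means the mitigation is incomplete.
        return "PARTIAL" if "vulnerable" in s else "OK"
    if s.startswith("vulnerable"):
        return "VULNERABLE"
    return "UNKNOWN"


def check_host(base=SYSFS_DIR):
    """Return {check: (state, raw_status)} for each file in CHECKS."""
    report = {}
    for name in CHECKS:
        try:
            raw = (Path(base) / name).read_text().strip()
        except OSError:
            # Missing file: the kernel predates the interface, so patch
            # level cannot be confirmed from sysfs.
            report[name] = ("UNKNOWN", "status file not present")
            continue
        report[name] = (classify(raw), raw)
    return report


def needs_action(report):
    """List checks that are not confirmed mitigated."""
    return sorted(n for n, (state, _) in report.items() if state != "OK")


if __name__ == "__main__":
    result = check_host()
    for name, (state, raw) in result.items():
        print(f"{name:12} {state:10} {raw}")
    raise SystemExit(1 if needs_action(result) else 0)
```

The non-zero exit status lets a fleet-management or monitoring job flag hosts that still need an OS or firmware update.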