The RedLegg team has been fielding calls from clients, friends, and family about the vulnerabilities that have been drawing a lot of attention this week. Known as Meltdown and Spectre, these bugs have been making the rounds and stirring up a fuss in typical fashion. Successful exploitation of these issues could cause significant damage, but we wanted to present some additional facts for consideration. Here's what we know:
- Meltdown - This vulnerability allows any application to access all system memory, including memory allocated for the kernel. Patches are being rolled out and should be applied as soon as possible. So far, research indicates that only Intel chips have been shown to be vulnerable.
- Spectre - This vulnerability allows an application to force another application to access arbitrary portions of its memory, which can then be read through a side channel. It affects nearly every CPU built on the x86 architecture. This vulnerability may require changes to processor architecture in order to fully mitigate. According to leading research, this vulnerability impacts Intel, AMD, and ARM chips. Due to the development lifecycle implemented by processor manufacturers, this issue will likely be around for a very long time.
Exploitation is possible. Security researchers produced and released proof-of-concept exploit code within roughly a day. There is no reason to believe that the bad guys will be working feverishly to weaponize these and deploy them for nefarious means. And while there definitely is significant risk associated with these vulnerabilities, there is no proof or reason to believe weaponized exploit code is in use in "the wild".
RedLegg is sending this advisory to our clients with the recommendation to inventory systems by processor type, apply vendor patches as they become available, and track the progress of the updates.
- Microsoft has issued a patch for Windows 10, while other versions of Windows will be patched on the traditional Patch Tuesday on January 9, 2018.
- MacOS 10.13.2 mitigates some of the disclosed vulnerabilities, but MacOS 10.13.3 will enhance or complete these mitigations.
For clients using Qualys Vulnerability Management, Qualys will release QIDs for any vendor patches that mitigate this vulnerability. To determine processor type, you can search the results of these QIDs:
- QID 43113 : Processor Information for Windows Target System
- QID 43110 : Apple Macintosh Processor Architecture
- QID 115048 : Processor Information for Unix Target
- QID 45177 : Processor Information for Solaris Target
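One way to turn results from those QIDs into an inventory by processor vendor, as an added example that is not RedLegg's or Qualys's code. The CSV column names (`IP`, `QID`, `Results`), the result strings, the `00000` placeholder QID and the addresses are constructed assumptions; the exposure map restates the vendor coverage given in this advisory.

```python
import csv
import io
import re
from collections import defaultdict

# QIDs this advisory lists for processor information.
CPU_QIDS = {"43113", "43110", "115048", "45177"}
# Exposure as stated in this advisory: Meltdown on Intel; Spectre on Intel, AMD, ARM.
EXPOSURE = {"Intel": ["Meltdown", "Spectre"], "AMD": ["Spectre"], "ARM": ["Spectre"]}

# Windows reports the architecture as "AMD64" on Intel x64 hosts too, so match
# the vendor name and never the bare architecture string.
VENDOR_PATTERNS = [
    ("Intel", re.compile(r"intel", re.I)),
    ("AMD", re.compile(r"authenticamd|\bamd\b", re.I)),
    ("ARM", re.compile(r"\b(arm(v\d+\w*|64)?|aarch64)\b", re.I)),
]

# Constructed sample export; column names and result text are assumptions.
SAMPLE_CSV = '''IP,QID,Results
192.0.2.5,43113,"Architecture: AMD64; Name: Intel(R) Xeon(R) CPU E5-2680 v4"
192.0.2.6,43113,"Architecture: AMD64; Name: AMD Opteron(tm) Processor 6276"
192.0.2.7,115048,"model name : ARMv7 Processor rev 4 (v7l)"
192.0.2.8,43110,"Intel Core i7"
192.0.2.9,115048,"Architecture: AMD64"
192.0.2.5,00000,"unrelated finding (placeholder QID)"
'''

def classify(results):
    """Return the CPU vendor named in a QID result string, or 'Unknown'."""
    for vendor, pattern in VENDOR_PATTERNS:
        if pattern.search(results):
            return vendor
    return "Unknown"

def inventory(csv_text):
    """Group host IPs by CPU vendor using only the processor-information QIDs."""
    hosts = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["QID"].strip() in CPU_QIDS:
            hosts[classify(row["Results"])].add(row["IP"].strip())
    return {vendor: sorted(ips) for vendor, ips in hosts.items()}

if __name__ == "__main__":
    for vendor, ips in sorted(inventory(SAMPLE_CSV).items()):
        issues = ", ".join(EXPOSURE.get(vendor, ["review manually"]))
        print(f"{vendor:8} {len(ips)} host(s)  [{issues}]  {' '.join(ips)}")
```

Hosts that land in `Unknown` reported only an architecture string and need a manual check before they are counted as patched or unaffected.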
We appreciate the opportunity to partner with each of you, and continually work to build stronger awareness and security posture for ourselves and our clients.
Here's to a safe, secure 2018!