subject: meltdown cve-2017-5754 | spectre cve-2017-5753, cve-2017-5715
1. overview/background
meltdown and spectre are attack scenarios that exploit critical vulnerabilities in modern processors. these security holes in hardware allow malicious programs to steal data that is processed locally on a pc.
as early as last june, jann horn – a research member of google project zero – informed the processor vendors intel, amd and arm about the vulnerability. at the beginning of january 2018, meltdown and spectre became public. they affect almost all microprocessors.
all relevant operating systems are affected by meltdown and spectre, such as:
- microsoft windows
- linux
- macos
- ios
- android
- freebsd
about meltdown
meltdown breaks the most basic isolation between user applications and the operating system. in other words, the boundary between user area and protected area in a cpu is "melted down". this attack allows a program to access the memory and thus sensitive information of other programs and the operating system. this applies to both pcs and the cloud infrastructure.
this bug concerns, among others, intel and arm cpus that use out-of-order execution, that is, any processor made after 1995 (exceptions are intel itanium and intel atom, which were manufactured before 2013). meltdown is an interplay of internal behaviors of intel cpus that causes protected memory to be read by programs that should not be able to do so.
the simplicity and power of meltdown stem from the side effects of the out-of-order execution feature. out-of-order execution is an important feature of today's processors for reducing the latencies of busy execution units, e.g. when a program would otherwise have to wait. instead of halting execution, modern processors perform operations "out-of-order", meaning they look ahead and schedule subsequent operations in advance. this takes place in the idle execution units of the processor. this area is not specifically protected, but user-level access is usually not possible. with meltdown it is possible to read this protected area.
about spectre
spectre breaks the isolation between different applications. spectre is much more complex and affects not only intel processors, but also those of other manufacturers such as amd or arm.
the keyword here is "speculative execution". this also achieves a performance advantage through "over-execution" or "over-utilization". the processor performs various calculations in advance in order to answer the request of a program in a matter of nanoseconds.
however, most of these forecasts are not used and are eventually discarded. these then end up in a cache memory in the cpu. spectre can access this area or induce processors to execute instructions they should not have executed. in the form of a malicious application, such as javascript, spectre can therefore gain access to confidential information in the memory of other applications.
2. general safety instructions
in general, it is advisable to install the updates provided for the respective operating systems and by the manufacturers of computer systems, processors and software applications. a list with links to the manufacturers' pages is available here: https://meltdownattack.com/#faq-fix
in the course of the updates published on january 3rd, 2018, microsoft announced some compatibility issues with antivirus software. a statement from microsoft with recommendations for action is available here: https://support.microsoft.com/en-hk/help/4072699/january-3-2018-windows-... meanwhile, the antivirus manufacturers have responded to this circumstance. check with your provider whether it has provided a corresponding update.
in general, the updates can affect the performance of the processors. from the intel core i-6000 series (skylake) onward, the losses are low. for older processors, a slowdown is noted. microsoft has given a detailed assessment here: https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understandin...
intel has released its own performance benchmark here: https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/blog-benc...
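one way to confirm on a linux host that the kernel updates recommended above are active, as an added example that is not part of the original advisory or of any vendor tooling: it reads the status files that updated linux kernels expose under /sys/devices/system/cpu/vulnerabilities. the function names are illustrative assumptions, and a missing file is reported as unknown.

```python
"""Added example: report kernel-side mitigation status for the three CVEs."""
import os

# sysfs files exposed by Linux kernels that carry the January 2018 fixes
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
CVE_FILES = {
    "CVE-2017-5754": "meltdown",
    "CVE-2017-5753": "spectre_v1",
    "CVE-2017-5715": "spectre_v2",
}


def classify(status):
    """Map a sysfs status line to ok, mitigated, vulnerable or unknown."""
    text = status.strip()
    if text == "Not affected":
        return "ok"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def check_host(sysfs_dir=SYSFS_DIR):
    """Return {cve: (state, raw_status)} for the CVEs named in the advisory."""
    report = {}
    for cve, name in CVE_FILES.items():
        path = os.path.join(sysfs_dir, name)
        try:
            with open(path, encoding="ascii", errors="replace") as fh:
                raw = fh.read().strip()
        except OSError:
            # File missing: kernel predates the fixes, or the host is not Linux
            report[cve] = ("unknown", "no sysfs entry (kernel not updated?)")
            continue
        report[cve] = (classify(raw), raw)
    return report


def needs_action(report):
    """List CVEs whose state is anything other than ok or mitigated."""
    return sorted(c for c, (state, _) in report.items()
                  if state not in ("ok", "mitigated"))


if __name__ == "__main__":
    result = check_host()
    for cve, (state, raw) in sorted(result.items()):
        print(f"{cve}: {state:10s} {raw}")
    print("needs action:", ", ".join(needs_action(result)) or "none")
```

this check covers only the status reported by the kernel; browser and application updates still have to be verified separately.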
3. rohde & schwarz cybersecurity endpoint- and management products
at rohde & schwarz cybersecurity we recommend the following:
1. install the respective patches / updates for the platform / operating system. below is a list of products that require such an update:
- browser in the box
- trusteddisk
- trustedgate
- trustedidentity manager
2. install the respective operating system patches / updates of the platforms from which the management component is accessed via a browser.
below is a list of products that require an update:
- commandcenter
- sitscope
- trustedobjects manager
4. please contact us!
if you have further questions, if the product of ours that you use is not listed, or if you have any concerns, then please contact us.