Technology – Security Issue Impacting Most Electronic Devices – Meltdown and Spectre

Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on networks, including workstation and servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they may be able to get access to your passwords stored in a password manager or browser, your emails, instant messages, and documents.

The more severe vulnerability, Meltdown (CVE-2017-5754), appears isolated to Intel processors developed in the last 10 years. Spectre (CVE-2017-5715 and CVE-2017-5753) on the other hand, theoretically affects all processors that use speculative execution, including most modern processors manufactured by Intel, AMD, ARM and potentially more.

From a quick read of the many articles, mitigation will require OS patches and firmware updates from Intel, AMD, Arm, etc. For Microsoft, the patch is dependent on having an approved AV application running that sets a compatibility registry key that Microsoft updates will reference. Windows Defender and Microsoft Security Essentials are of course approved and can be used if nothing else is available.

Below are links to information for Microsoft, VMware, Apple, and AWS.

Microsoft Information

Windows Clients Impacted and Will be Patched

  • Windows 10 (RTM, 1511, 1607, 1703, 1709)
  • Windows 8.1
  • Windows 7 SP1

Windows Servers Impacted and Will be Patched

  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2012 R2
  • Windows Server 2016

Apple

VMWare (5.5, 6.5)

AWS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.