2018 Exploit Twins, Meltdown and Spectre

Far reaching exploits, how do you protect yourself?

BOOM...2018, Bang...New Exploits.


Spectre and Meltdown Exploits.


What the ??

The year started with a BIG BANG. No... not the fireworks.

On the 3rd of January, Google Project Zero disclosed vulnerabilities that potentially affect CPUs from all major manufacturers, including Intel, AMD and ARM, which in turn impacts every PC, laptop, server and smartphone, regardless of make or operating system. The news spread like wildfire, calling to action all service providers, SaaS providers, software developers, OS companies, etc., to commence patching all their systems and environments. Even web browsers were not immune. The two exploits were named:

Meltdown - CVE-2017-5754 - this "lovely" uses speculative (out-of-order) execution to break the isolation between user applications and the operating system, allowing any application to read all system memory, including kernel memory.

Spectre - CVE-2017-5753 and CVE-2017-5715 - Meltdown's twin, Spectre, breaks isolation between different applications, allowing an attacker-controlled program to trick error-free programs into leaking their secrets. This one is going to take some time to be completely mitigated, because a full fix will require the manufacturers to re-architect their CPUs.

The two vulnerabilities affect both physical and virtual CPUs.

Some agencies went as far as stating that the only way to truly fix the issues was to have the CPUs replaced. That, however, was not really a practical solution for anybody.

If you are a Secure-ISS hosted client, you'll be glad to know that our team went straight to work patching all our cloud infrastructure, servers, edge solutions and other hosted applications. By the end of last week, most of our infrastructure was already patched.

What now ??

Over the last week, most vendors made huge strides rolling out fixes and firmware updates. Microsoft, Apple and Google have already released Meltdown patches.


Here is a list of the major vendor links to start the patching process:

  • Windows OS (7/8/10 and Edge/IE) - KB4056892

  • Apple macOS, iOS, tvOS and Safari - HT201222

  • Android OS - Android Bulletin

  • Firefox - MFSA2018-01

  • Google Chrome - Google has announced a new release for the 23rd of January. In the meantime, they suggest enabling a feature called Site Isolation.

  • Linux - Kernel

  • VMware - VMSA-2018-0002
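Once the kernel update is applied, the practical check on a Linux host is whether the kernel actually reports the mitigations as active. Patched kernels expose one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2), each containing "Not affected", "Vulnerable" or "Mitigation: ...". The script below is an added example, not code from the original post or from any vendor: it summarises that directory and exits non-zero if anything still reads "Vulnerable". The make_sample function builds a constructed fixture with made-up status strings so the script also runs on a machine without that sysfs directory.

```shell
#!/bin/sh
# Summarise Linux kernel Meltdown/Spectre mitigation status from sysfs.
# Added example; the status strings in make_sample are constructed, not real data.

# report_vulns DIR
#   Prints one line per issue file in DIR.
#   Returns 1 if any file reports "Vulnerable", 0 otherwise.
report_vulns() {
  dir="$1"
  rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=$(basename "$f")
    status=$(cat "$f")
    case "$status" in
      Vulnerable*)
        printf 'UNMITIGATED %s: %s\n' "$name" "$status"
        rc=1 ;;
      *)
        # "Not affected" and "Mitigation: ..." both count as fine.
        printf 'ok          %s: %s\n' "$name" "$status" ;;
    esac
  done
  return $rc
}

# make_sample
#   Creates a temporary directory imitating the sysfs layout (constructed fixture)
#   and prints its path. One of the three entries is deliberately left vulnerable.
make_sample() {
  d=$(mktemp -d)
  printf 'Mitigation: PTI\n' > "$d/meltdown"
  printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
  printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
  printf '%s' "$d"
}

# Use the real sysfs directory when this kernel provides it; otherwise
# fall back to the constructed sample so the script is runnable anywhere.
SYSFS=/sys/devices/system/cpu/vulnerabilities
if [ -d "$SYSFS" ]; then
  TARGET="$SYSFS"
else
  echo "no $SYSFS on this kernel (pre-patch kernel or non-Linux); using constructed sample"
  TARGET=$(make_sample)
fi

if report_vulns "$TARGET"; then
  echo "result: all reported issues mitigated or not applicable"
else
  echo "result: at least one issue is still unmitigated"
fi
```

On a kernel older than the patch series the directory does not exist at all, which is itself the answer: the update has not been applied. The exit status makes the check usable from a configuration-management or monitoring job across a fleet.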

Be Vigilant.

Even though there are no known attacks in the wild using these vulnerabilities yet, you can be sure that our nemesis, the malicious actors, will attempt to run exploit code on a privileged user's system, delivered through the same tried-and-trusted probing, reconnaissance and delivery methods, and it is up to all of us to remain vigilant.

You've heard this all before but:

  • Don't open any unusual emails.

  • Don't click on any unusual links.

  • Watch out for unusual links from Facebook friends, and other social media platforms.

  • Update your antivirus and edge solutions.

  • Update and harden your critical systems and infrastructure.

  • Improve your defence in depth, making the "bad guys" jump through hoops before they come near anything sensitive.

  • If you are feeling a little down and out with the bad news so early in the year, and would like some advice or help patching and hardening your environment, chat to us.

  • If you have more questions and would like more specific technical information on these exploits, chat to us.