2018 Exploit Twins, Meltdown and Spectre
Far reaching exploits, how do you protect yourself?
Spectre and Meltdown Exploits.
What the ??
The year started with a BIG BANG. No... not the fireworks.
On the 3rd of January, Google Project Zero disclosed vulnerabilities that potentially affect all major CPU manufacturers, including Intel, AMD and ARM, and therefore every PC, laptop, server and smartphone, regardless of make or operating system. The news spread like wildfire, calling service providers, SaaS providers, software developers, OS vendors, etc. to action to start patching all their systems and environments. Even web browsers were not immune. The two exploits were named:
Meltdown - CVE-2017-5754 - this "lovely" uses speculative execution to break the isolation between user applications and the operating system, allowing any application to access all system memory, including kernel memory.
Spectre - CVE-2017-5753 and CVE-2017-5715 - Meltdown's twin, Spectre, breaks the isolation between different applications, allowing an attacker-controlled program to trick error-free programs into leaking their secrets. This one is going to take some time to mitigate completely, because it will require manufacturers to re-architect their CPUs.
Both vulnerabilities affect physical and virtual CPUs alike.
Some agencies went as far as stating that the only way to truly fix the issues was to replace the CPUs. That, however, was not a practical solution for anybody.
If you are a Secure-ISS hosted client, you'll be glad to know that our team went straight to work patching all our cloud infrastructure, servers, edge solutions and other hosted applications. By the end of last week, most of our infrastructure was already patched.
What now ??
Over the last week, most vendors have made huge strides rolling out fixes and firmware updates. Microsoft, Apple and Google have already released Meltdown patches.
Here is a list of the major vendors' links to start the patching process:
Windows OS (7/8/10 and Edge/IE) - KB4056892
Apple Mac OS, iOS, tvOS and Safari - HT201222
Android OS - Android Bulletin
Firefox - MFSA2018-01
Google Chrome - Google has announced a new release for the 23rd of January. In the meantime, they suggest using a feature called site isolation.
Linux - Kernel
VMware - VMSA-2018-0002
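The vendor links above get the patches installed; the check a practitioner wants afterwards is whether the running kernel actually applies the mitigations. The script below is an added example, not from the original post or from Secure-ISS: it reads the per-issue status files that Linux kernels from 4.15 onward expose under /sys/devices/system/cpu/vulnerabilities (one file each for meltdown, spectre_v1 and spectre_v2), flags anything still reporting "Vulnerable", and treats a missing directory as "too old to tell" rather than as safe. The sample values it writes into a temporary directory are constructed for the demonstration and are not taken from any particular host.

```shell
#!/bin/sh
# Added example (not from the original post): report the kernel's own view of
# Meltdown/Spectre mitigation status. Linux 4.15+ exposes one file per issue under
# /sys/devices/system/cpu/vulnerabilities; the directory is a parameter so the
# same check can be run against a constructed sample tree.

# Print one line per issue. Returns 0 if nothing reports "Vulnerable",
# 1 if at least one issue is unmitigated or unrecognised,
# 2 if the sysfs directory does not exist (pre-4.15 kernel, status unknown).
check_cpu_mitigations() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel too old to report mitigation status, assume unpatched" >&2
        return 2
    fi
    vulnerable=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            Vulnerable*)    printf '%-12s UNMITIGATED  %s\n' "$name" "$status"; vulnerable=1 ;;
            "Not affected") printf '%-12s ok           %s\n' "$name" "$status" ;;
            Mitigation:*)   printf '%-12s ok           %s\n' "$name" "$status" ;;
            *)              printf '%-12s unknown      %s\n' "$name" "$status"; vulnerable=1 ;;
        esac
    done
    return "$vulnerable"
}

# Build a constructed sample tree (values made up for the demo, modelled on the
# strings the kernel prints) so the check can be exercised on any machine.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample_tree)
rc=0
check_cpu_mitigations "$sample" || rc=$?
echo "exit status: $rc (1 = at least one issue still unmitigated)"
rm -rf "$sample"

# On a real host simply run: check_cpu_mitigations
```

A non-zero exit makes the function usable straight from a fleet-wide check (for example one line per host in a configuration management run), and the "Vulnerable" and "Mitigation:" prefixes are the ones the kernel writes, so the output needs no further parsing.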
Be Vigilant.
Even though there are no known public attacks using these exploits at present, you can be sure that our nemesis, the malicious actors, will attempt to get exploit code running on privileged users' systems, using the same tried and trusted probing, reconnaissance and delivery methods, and it is up to all of us to remain vigilant.
You've heard this all before but:
Don't open any unusual emails.
Don't click on any unusual links.
Watch out for unusual links from Facebook friends, and other social media platforms.
Update your Antivirus and Edge solutions.
Update and harden your critical systems and infrastructure.
Improve your defense in depth, making the "bad guys" jump through hoops before they get near anything sensitive.