Meltdown and Spectre Intel Processor Vulnerabilities: What You Need to Know
Microsoft, Linux, Google, and Apple started rolling out patches addressing design flaws in processor chips that security researchers named Meltdown and Spectre.
Here’s what you need to know about these flaws:
What are Meltdown and Spectre?
Meltdown can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS). Meltdown affects Intel processors.
Spectre can allow attackers to steal information from the memory of running programs, such as credentials (passwords, login keys, etc.). Spectre reportedly affects processors from Intel, Advanced Micro Devices (AMD), and Advanced RISC Machine (ARM).
What’s the impact?
Intel processors built since 1995 are reportedly affected by Meltdown, while Spectre affects devices running on Intel, AMD, and ARM processors. The potential impact is far-reaching: Desktops, laptops, and smartphones running on vulnerable processors can be exposed to unauthorized access and information theft. Cloud-computing, virtual environments, multiuser servers-also used in data centers and enterprise environments-running these processors are also impacted. While these exploits exist, Intel and Google reported they have not yet seen attacks actively exploiting these vulnerabilities so far.
It’s also worth noting that the patches that have been released for Windows and Linux OSs can reportedly reduce system performance by five to 30 percent, depending on the workload.
Is there a fix?
Microsoft issued a security bulletin ahead of their monthly patch cycle to address these vulnerabilities in Windows 10. Updates/fixes for Windows 7 and 8 will be deployed on January 9th.
Google has released a Security Patch for Android covering updates that can further limit attacks that may exploit Meltdown and Spectre. A separate security update for Android will also be released on January 5th. Nexus and Pixel devices can automatically download the update. However, for other Android devices, users may need to contact their cell phone provider for the patch availability.
Apple’s macOS has been reportedly patched in version 10.13.2
If ICS is managing your environment, we have already begun scheduling and updating software as it is released. Microsoft, Apple, Google, etc. are working to fix these vulnerabilities as soon as possible. If you need assistance, or have any questions about this security alert, please email firstname.lastname@example.org, or call 607-757-9551.