• (775) 229-4254
  • support@itmsnv.com

Call Today (775) 229-4254

The Meltdown and Spectre CPU Flaws

Posted: 1/4/2018 @ 6:00 AM
Updated: 1/5/2018 @ 10:50 PM

As everyone is aware a massive security vulnerabilities in some modern CPUs are forcing a redesign of the kernel software at the heart of all major operating systems. The issue exists in the CPU hardware itself, Windows, Linux, Android, macOS, iOS, Chromebooks, and other operating systems all need to protect against it. And worse, plugging the hole can negatively affect your PC’s performance the current figure is anywhere between a 5% to 30% degradation in the performance of the device. Everyday one she be aware that home users shouldn’t really be impacted that much. The scariest part about this issue is that the exploitation does not leave any traces in traditional log files. Alls you can really do is make sure you apply all available updates and keep your Anti-virus software updated as well. We have created a guide below to assist in checking your computer for this issue. As always you can also call us (775) 229-4254 and we can come assist, especially on server computer systems.

What Systems Are Affected By Meltdown?

Desktop, Laptop, and Cloud computers can be impacted by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). To date Meltdown has been tested successfully on Intel processor generations released as early as 2011. Currently, Meltdown has been verified on Intel processors. It is still unclear whether ARM and AMD processors are also affected by Meltdown.

What Systems Are Affected By Spectre?

Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.

What are the differences between Meltdown and Spectre CPU Flaws?

Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.

Additional Information

There have reports of issues with applying the Windows Update and some Anti-Virus programs. Here is a link to the Google sheet that can be used to check the status of different vendors fixing the issue: Google Sheets Anti-Virus Fix Sheet

How to Check and Update your Laptop or Desktop Computers (Click)

Instructions

Posted 1/5/2018

To help customers confirm whether protections have been enabled, Microsoft has published a PowerShell script that customers can run on their systems. Make sure and open Powershell in adminstrator mode. Install and run the script by running the following commands:

PS > Install-Module SpeculationControl

Run the PowerShell module to validate protections are enabled

PS > Get-SpeculationControlSettings

The output of this PowerShell script will look like the following. Enabled protections will show in the output as “True”.

PS C:\> Get-SpeculationControlSettings

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True

Below is a screen shot of a Microsoft Windows 10 computer that has had no windows updates applied. The arrows indicate the areas to look at.

Meltdown and Spectre CPU Flaws - IT Master Services

Below is the Microsoft Windows Update that needs to be applied to your desktop or laptop computer. Windows Update KB4056892

Below is a screen shot of one our computers that has not been completely updated. You can see the suggested instructions that need to be completed. This is all you can really do unless the manufacturer has released a Bios update. This is the most common scenario you will see on Microsoft Windows desktop and laptops

Meltdown and Spectre CPU Flaws - IT Master Services

When the output is all green and each item is set to True, as shown below, then you are now protected from these attacks.

Meltdown and Spectre CPU Flaws All Updated - IT Master Services

Once you're done, remember to set the Powershell execution police back to a restricted mode, which may be useful in mitigating malware attacks that use Powershell to run malicious commands.

Set-ExecutionPolicy Restricted

How to Check and Update your Windows Servers (Click)

Instructions

Posted 1/5/2018

Coming Soon, we promise!

Client Testimonials

In a world where all of us are dependent on computers, but most of us dwell somewhere between knowing almost nothing and knowing just enough to get ourselves in trouble, trustworthy network support means everything but is not easy to find. IT Master Services always helps when we need it most!

Amanda S.
Reno, Nevada