The Meltdown and Spectre CPU Flaws
Posted: 1/4/2018 @ 6:00 AM
Updated: 1/5/2018 @ 10:50 PM
As everyone is aware, massive security vulnerabilities in some modern CPUs are forcing a redesign of the kernel software at the heart of all major operating systems. Because the issue exists in the CPU hardware itself, Windows, Linux, Android, macOS, iOS, Chromebooks, and other operating systems all need to protect against it. Worse, plugging the hole can negatively affect your PC’s performance: the current figure is anywhere between a 5% and 30% degradation in the performance of the device.
Everyone should be aware that home users shouldn’t really be impacted that much. The scariest part about this issue is that the exploitation does not leave any traces in traditional log files. All you can really do is make sure you apply all available updates and keep your anti-virus software updated as well. We have created a guide below to assist in checking your computer for this issue. As always, you can also call us at (775) 229-4254 and we can come assist, especially on server computer systems.
What Systems Are Affected By Meltdown?
Desktop, Laptop, and Cloud computers can be impacted by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). To date Meltdown has been tested successfully on Intel processor generations released as early as 2011. Currently, Meltdown has been verified on Intel processors. It is still unclear whether ARM and AMD processors are also affected by Meltdown.
What Systems Are Affected By Spectre?
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
What are the differences between Meltdown and Spectre CPU Flaws?
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.
There have been reports of issues with applying the Windows Update alongside some anti-virus programs. Here is a link to the Google sheet that can be used to check the status of different vendors fixing the issue: Google Sheets Anti-Virus Fix Sheet
How to Check and Update your Laptop or Desktop Computers
To help customers confirm whether protections have been enabled, Microsoft has published a PowerShell script that customers can run on their systems. Make sure to open PowerShell in administrator mode. Install and run the script by running the following commands:
PS > Install-Module SpeculationControl
Run the PowerShell module to validate that protections are enabled:
PS > Get-SpeculationControlSettings
The output of this PowerShell script will look like the following. Enabled protections will show in the output as “True”.
PS C:\> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: True
Below is a screenshot of a Microsoft Windows 10 computer that has had no Windows updates applied. The arrows indicate the areas to look at.
Below is the Microsoft Windows Update that needs to be applied to your desktop or laptop computer.
Below is a screenshot of one of our computers that has not been completely updated. You can see the suggested instructions that need to be completed. This is all you can really do unless the manufacturer has released a BIOS update. This is the most common scenario you will see on Microsoft Windows desktops and laptops.
When the output is all green and each item is set to True, as shown below, then you are now protected from these attacks.
Once you're done, remember to set the PowerShell execution policy back to a restricted mode, which may be useful in mitigating malware attacks that use PowerShell to run malicious commands.
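The same check can be made against the object that Get-SpeculationControlSettings returns instead of reading the colored text by eye. The script below is an added example, not Microsoft's script or part of the original guide; the function name Test-SpeculationProtection and the sample values are hypothetical, and the property names are assumed to be the ones the SpeculationControl module listed beneath its text output in its January 2018 release.

```powershell
# Added example: interpret the object returned by Get-SpeculationControlSettings.
function Test-SpeculationProtection {
    param([Parameter(Mandatory, ValueFromPipeline)] $Settings)
    process {
        $findings = @()

        # CVE-2017-5715 [branch target injection]: needs OS support AND hardware support.
        if (-not $Settings.BTIWindowsSupportPresent) {
            $findings += 'CVE-2017-5715: Windows OS support is missing; apply the Windows update'
        }
        if (-not $Settings.BTIHardwarePresent) {
            $findings += 'CVE-2017-5715: no hardware support; needs a BIOS update from the manufacturer'
        } elseif ($Settings.BTIWindowsSupportPresent -and -not $Settings.BTIWindowsSupportEnabled) {
            $findings += 'CVE-2017-5715: mitigation is present but not enabled'
        }

        # CVE-2017-5754 [rogue data cache load]: kernel VA shadowing only matters when
        # the CPU requires it; a False on a CPU that does not need it is not a gap.
        if ($Settings.KVAShadowRequired) {
            if (-not $Settings.KVAShadowWindowsSupportPresent) {
                $findings += 'CVE-2017-5754: Windows OS support is missing; apply the Windows update'
            } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
                $findings += 'CVE-2017-5754: kernel VA shadow is present but not enabled'
            }
        }
        # KVAShadowPcidEnabled is a performance optimization, so it is not a finding.

        [pscustomobject]@{
            Protected = ($findings.Count -eq 0)
            Findings  = $findings
        }
    }
}

# Constructed sample (not captured from a real machine): Windows update applied,
# no BIOS update yet, mirroring the partially updated case described above.
$sample = [pscustomobject]@{
    BTIHardwarePresent = $false; BTIWindowsSupportPresent = $true; BTIWindowsSupportEnabled = $false
    KVAShadowRequired = $true; KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true; KVAShadowPcidEnabled = $true
}
$result = $sample | Test-SpeculationProtection
"Protected: $($result.Protected)"
$result.Findings

# On a real system, after Install-Module SpeculationControl:
#   Get-SpeculationControlSettings | Test-SpeculationProtection
```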
How to Check and Update your Windows Servers
Coming Soon, we promise!
Complete List of Security Advisories from Companies Affected