Actu
eSentire Threat Intelligence Advisory: Meltdown/Spectre Attacks
January 2018 by eSentire
Cyber security company eSentire is aware of recently disclosed vulnerabilities in
many modern processors. Speculative execution side-channel attacks (known as
Meltdown and Spectre), could allow attackers to access information stored in
protected memory for processes and operating systems. This can include passwords,
key strokes, encryption keys and other sensitive data. eSentire has not observed
mass-scale exploitation at this time.
The vulnerability is primarily caused by CPU design choices, and CERT
(https://www.kb.cert.org/vuls/id/584653) [1] is recommending that affected
hardware [2] ultimately be replaced to fully remove the underlying
vulnerability.
Operating system and software vendors have released updates which mitigate these
vulnerabilities. Affected parties are highly encouraged to review and apply updates
for relevant CVEs (listed below) on affected systems, and monitor vendor
communication for updates as they are made available.
What you should do about it
Review and deploy the following recommended OS and software vendor updates:
· Microsoft Guidance for client and server operating systems [3].
· Various Linux distributions have released updates. Continue to monitor vendor
websites or repos for additional updates as they become available.
· VMware Guidance [4]
· Amazon AWS [5], Microsoft Azure [6] have begun patching underlying cloud
infrastructure.
Additional OS and software vendors are expected to continue releasing updates in the
coming days/weeks.
Web browsers running JavaScript are at risk. Malicious JS served via web
advertisements could be used to steal sensitive information.
eSentire recommends:
· Hardening web browsers against attack
· Block advertisements using an ad-blocker
· Update Mozilla Firefox to latest release [7]
· Implement Site Isolation in Google Chrome [8] ( Google indicates an update will
arrive January 23^rd2018)
· Ensure Microsoft Edge and Internet Explorer 11 updates are installed [9]
· Consider blocking JavaScript entirely (high risk of user resistance)
Additional information
This is issue is tracked in three CVEs:
CVE-2017-5753 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753)
(Bounds Check Bypass - Spectre)
CVE-2017-5715 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715)
(Branch Target Inspection - Spectre)
CVE-2017-5754 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754)
(Targeted cache side-channel attacks - Meltdown)
CVE-2017-5754 (Meltdown) affects Intel x86-64 processors, and is easier to exploit
than Spectre. Vendor updates are primarily targeting this CVE.
eSentire has not observed any attacks at this time and additionally, no major vendor
has indicated that attacks have been observed at this time.
Although CERT recommends replacing affected CPU hardware, this likely not feasible
for most organizations. We recommend following guidance from OS and software vendors
to apply updates on impacted systems in order to mitigate these vulnerabilities in a
timely manner.
For more information please visit:
https://spectreattack.com/ contains relevant links to papers and vendor security
bulletins.
[1] https://www.kb.cert.org/vuls/id/584653
[2] https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
[3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
[4] https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
[5] https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
[6] https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
[7] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
[8] https://support.google.com/chrome/answer/7623121?hl=en-GB
