Protecting your CPU from Meltdown and Spectre

Posted in Latest News, Tech News On January 15, 2018
Meltdown and Spectre

If you think your CPU is secure, you might be more vulnerable than you think. According to a recent talk at the SolarWinds MSP conference, complacency is your biggest threat. Today we are looking at Meltdown and Spectre and how you can protect your CPU with a security update.

If you have a modern computing device, you should be aware of some vulnerabilities. Security research recently revealed some major flaws in Processor chips (CPUs, not so much GPUs) manufactured over the last 10 years, affecting Windows, MacOS, Linux, iOS, Android and IoT devices. You might already be aware and have installed security updates to mitigate these flaws, but further updates are expected across the board. This creates a Security and Device Management nightmare.

What Are the Vulnerabilities?

We are looking at a security bug at chip level and the way it interacts with the OS. The design flaw has been found in Intel, AMD, and ARM CPU’s, affecting the majority of modern CPUs. This prompting OS and Software providers to release updates as the fixes cannot be made at hardware level. If your OS is out of support, then the providers may not release patches to secure the OS and CPU. In that case, upgrading or migration would be your only solution.

Exact details on the flaws have not been officially released (as a security measure – to not completely expose the vulnerabilities), however some information has been confirmed. theregister.co.uk stated “the bug is present in modern Intel processors produced in the last decade. It allows normal user programmes, from database applications to Javascript in web browsers, to discern to some extent, the layout or content of protected kernel memory areas”.

This means that the kernel’s data and code can be viewed in the page table, bugs that were named Meltdown and Spectre which prompted kernel page-table isolation patches (KPTI). KPTI patches have been set up to protect this data and code by making he kernel invisible in a different address space.

Tips on Protecting Your Devices

Security updates have been released across a range of devices running Windows, Linux and Apple operating systems which are patching some of the vulnerabilities. But it seems Spectre will be a much harder foe to eradicate as 2 variants have been identified with suggestions fully eradication would be replacement CPUs. More positively the Meltdown vulnerabilities are being mitigated. We have listed some of these updates below as a guide:

First and foremost, before applying any updates we would ALWAYS recommend a full Backup of your System and Data. Be sure to check your latest Backup was successful.

Windows

Microsoft have released emergency security updates, ahead of their usual ‘Patch Tuesday’ schedule for various builds of Windows 10. However, these updates won’t install unless your AV has confirmed its compatible. AV companies are now playing catch-up and frantically developing and testing their own updates to facilitate this. Security researcher Kevin Beaumont has created a public spreadsheet tracking AV Products compatibility status. Click here to check out your AV status. Once your AV supports the Patches, run an AV program and definition update before running the Windows Updates.

More alarmingly, Microsoft have pulled security patches for PCs running some AMD processors. The updates were causing boot failure. If you have an AMD processor be sure to check the web for the latest news on Windows Updates.

To run Microsoft updates, click on the start button and start typing ‘update’. ‘Check for updates’ should appear so click on this and follow the on-screen instructions.

Windows update check

Apple

Apple have released MacOS High Sierra 10.13.2 and iOS 11.2.2 updates. To run MacOS update, open up the App Store  and check the Updates tab.

 

Apple update check

To run an update on iOS, go into Settings > General > Software Update.

Apple have recommended that MacOS and iOS users refrain from downloading applications outside of the Apple App Store, as malicious applications could facilitate the Spectre and Meltdown exploits.

Linux

If you’re running any flavour of Linux with an Intel, AMD or ARM process be sure to check for the latest OS patches via your usual methods, Yum, apt-get, or enterprise solutions like Puppet.

Android

Android released a security update on 5th January to protect Android phones. Some phones, including the Pixel, Pixel 2, Nexus 5X and Nexus 6P should automatically update, with other phones requiring a manual install. If in doubt, check with your phone manufacturer.

OVH have a non-exhaustive Patch Availability for Servers here.

The important thing is not to panic. These flaws have existed for some time and operating systems are addressing the issues with updates.

However, with security and device management becoming more and more of an issue, you can never be too stringent on the attention to detail.

Need some advice on your Device Management and Security? We can help. Our IT support service offers Server, Workstation and Mobile device management and monitoring, Patch Management, Security Checks, Managed Anti-Virus, Web Protection, Managed Backup and Disaster Recovery. Call us on 0203 761 3520 to discuss your needs.