A new class of attacks, announced starting January 5, 2018, exploits the ability of nearly all processors to execute code ahead of schedule (a performance optimization called speculative execution). The two vulnerabilities, colloquially named Meltdown and Spectre, would allow potential attackers to read the contents of memory areas that are normally not accessible, including the computer’s operating system memory, which may expose sensitive information such as passwords or other secrets.
The Meltdown and Spectre vulnerabilities impact nearly every modern computer system, even mobile devices, and therefore include servers that are running Interset software. While redesigned processor firmware is the only way to truly solve the problem, software patches to the underlying operating system (e.g. Linux in the case of Interset) offer a way to prevent attacks (in the case of Meltdown) or reduce the risk of attacks (in the case of Spectre), without requiring any hardware or firmware changes. In addition, software patches to prevent Spectre attacks are being actively researched at the time of this writing.
See the following for a good overview of Meltdown and Spectre:
- Overview of Meltdown and Spectre attacks: https://meltdownattack.com/
- Software methodology to potentially patch Spectre: https://support.google.com/faqs/answer/7625886
How can I confirm I am impacted?
All machines running modern Intel processors are impacted by Meltdown, and nearly all processors from Intel, AMD and ARM are impacted by Spectre.
Risk Assessment to Interset Software
In theory, malicious code that is executed on any vulnerable system can read sensitive information that may be contained in the system’s memory. The code needs to be specially crafted to take advantage of the vulnerability, and it must be executed on the vulnerable system. The technical requirements for the exploit are detailed in the Meltdown and Spectre technical papers, listed below.
- Meltdown technical paper: https://meltdownattack.com/meltdown.pdf
- Spectre technical paper: https://spectreattack.com/spectre.pdf
The above also means that the attacker requires either system access to the machine running Interset software, or a secondary code execution exploit.
While the risk of an external attack on Interset software based on the above is low, the potential impact is high and as a result Interset strongly recommends patching the Linux operating system of all machines running Interset software, especially if those machines are running services in addition to Interset.
Note that at the time of writing, Linux patches for Meltdown and Spectre are still being assessed, developed, released, and validated. As a result, you should monitor your operating system’s security bulletins for available patches and apply them as they become available.
For the latest information on patches for RedHat Enterprise Linux or AWS-hosted systems, monitor the following locations for ongoing information and remediation steps.
- RedHat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
- Amazon Web Services: https://aws.amazon.com/security/security-bulletins/AWS-2018-013
In most cases, patching involves issuing the following command on all machines:
- sudo yum update kernel
If you are running Interset on Interset’s cloud hosting, the Interset security team will be remediating your systems on your behalf, as patches become available. Potential system outage times will be communicated to you in advance.
Note that after the update is complete, a reboot will be required.
Interset will continue to communicate information as the situation develops or if additional remediation steps become clear.
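To confirm the result once a patched kernel is running, the following is an added example (not part of Interset's guidance or tooling). It assumes the kernel exposes mitigation status under /sys/devices/system/cpu/vulnerabilities, which Linux kernels carrying these fixes generally do; the function names and the RUN_CHECK variable are hypothetical.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status as published by
# the running kernel. The directory is a parameter so the logic can be
# exercised against constructed sample files.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE
# Prints one of: mitigated, not_affected, vulnerable, unknown
classify_status() {
    if [ ! -r "$1" ]; then
        # No status file: the kernel does not report on this issue, which is
        # typical of a kernel that predates the fixes. Treat as unverified.
        echo unknown
        return 0
    fi
    status=$(head -n 1 "$1")
    case "$status" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_host [DIR]
# Prints one line per issue; returns 0 only when nothing is vulnerable or
# unknown, so it can gate a patch-compliance job.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        result=$(classify_status "$dir/$name")
        printf '%-11s %s\n' "$name" "$result"
        case "$result" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Run against the live system only when asked: RUN_CHECK=1 sh thisfile.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_host || exit 1
fi
```

An "unknown" result after patching usually means the machine has not yet been rebooted into the updated kernel.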
- CVE-2017-5715 (Meltdown #1): https://nvd.nist.gov/vuln/detail/CVE-2017-5715
- CVE-2017-5753 (Meltdown #2): https://nvd.nist.gov/vuln/detail/CVE-2017-5753
- CVE-2017-5754 (Spectre): https://nvd.nist.gov/vuln/detail/CVE-2017-5754
- Google Project Zero technical analysis: https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
- Events timeline: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Please feel free to contact Interset Support at email@example.com, or your Interset Customer Solutions representative, for additional information or support at any time.