2018 - A Spooky Start Thanks to Spectre and Meltdown
In terms of computer security issues, 2018 has already created quite a stir, and Intel—the world’s foremost CPU chip manufacturer—is at the heart of much of it.
This vulnerability assessment is designed to provide you with the information you need to know, without having to spend hours researching and deciphering the technical jargon. Let’s keep the bad actors at bay!
Intel AMT, Meltdown & Spectre Vulnerabilities at a glance:
There are three vulnerabilities that are currently exposing millions of computer users to serious risks of data loss due to unauthorized access:
Intel® Management Engine Critical Firmware Update (Intel-SA-00086). This affects nearly every computer running Intel chips since 1995, and many systems built using AMD and ARM-based processors. It also affects servers and selected IoT devices.
The processor side-channel vulnerabilities known as “Meltdown” and “Spectre”.
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege (Intel-SA-00075). This affects many consumer and business machines built on Intel chips using 1st Gen Cores through 7th Gen Cores, and most business machines built or bought in recent years.
Questions and Answers:
Am I affected by this vulnerability? Most certainly yes. Several detection tools are linked to this document to facilitate accurate diagnoses.
Can my current antivirus protect against this threat? While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.
Can I tell if I’ve been a victim of Meltdown and Spectre attacks? Unfortunately, no, not yet. The proof-of-concept attacks in controlled environments have left no traces in the form of traditional logs or footprints.
Do workarounds and fixes exist? Yes, there are workarounds and fixes in the form of patches and firmware updates for both families of exploits.
Intel-SA-00086, Meltdown & Spectre:
The potential impact is far-reaching: Workstations and laptops, mobile devices and applications leveraging cloud-based infrastructure running on vulnerable processors can be exposed to unauthorized access and information theft, including passwords and personal information.
Meltdown can enable hackers to gain privileged access to parts of a computer’s memory. This affects Intel processors only.
Spectre can allow attackers to steal information from the core of a system. This affects Intel, AMD and ARM processors.
Can it be fixed? And what’s the impact?
Intel has released a detection tool which will determine if your computer is vulnerable.
Can it be fixed: Yes, depending on the age of your equipment and the service policies of your hardware vendor—some companies are not releasing firmware patches for systems they consider end-of-life. Also, please note that further patches and updates may be released to buttress the mitigations currently available. UPDATE: The first round of firmware patches was unsuccessful. Intel disclosed that they were causing reboots, crashes and, in some instances, data loss. Microsoft released an out-of-cycle patch to undo the Intel patches. Intel also suggested that people not deploy their initial release.
The patches will be released by hardware vendors to mitigate these vulnerabilities, once Intel’s new microcode has been tested.
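Once patches are installed, the mitigation state can be checked on the machine itself. The script below is an added example, not part of the original article or any vendor tool: it assumes a Linux system whose kernel (4.15 or a distribution backport) reports per-issue status under /sys/devices/system/cpu/vulnerabilities/, and the function names and sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Linux kernels 4.15+ (and distro backports) publish one
# status file per CPU issue under /sys/devices/system/cpu/vulnerabilities/.

# classify_status LINE: map a status line to a coarse state. Any line that
# mentions "Vulnerable" is treated as vulnerable (conservative choice).
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        *Vulnerable*)    echo vulnerable ;;
        *Mitigation:*)   echo mitigated ;;
        *)               echo unknown ;;
    esac
}

# audit_dir DIR: print "name state detail" for each status file.
# Returns 0 if all entries are mitigated or not affected, 1 if any entry is
# vulnerable or unknown, 2 if DIR is missing or empty (kernel reports nothing).
audit_dir() {
    dir=$1; rc=0; n=0
    [ -d "$dir" ] || return 2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        n=$((n + 1))
        line=$(head -n 1 "$f")
        state=$(classify_status "$line")
        printf '%-12s %-13s %s\n' "$(basename "$f")" "$state" "$line"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    [ "$n" -gt 0 ] || return 2
    return "$rc"
}

# make_sample: build a directory of constructed status lines (not captured
# from a real machine) so the script runs offline.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

# Real use: audit_dir /sys/devices/system/cpu/vulnerabilities
sample=$(make_sample)
audit_dir "$sample" || echo "action needed: unmitigated or unreported issue"
rm -rf "$sample"
```

A return code of 2 means the kernel predates this reporting interface, which is itself a sign that the operating-system patches have not been applied.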
Some software vendors are reporting that slowdowns of ~15-30% can be expected with some computer workloads after patching these vulnerabilities. This should be considered when deciding whether to patch the vulnerability, especially on ol