Three CVE entries have been announced for the vulnerabilities named Spectre and Meltdown, which affect modern computer processors (Intel, AMD, ARM and Qualcomm processors). The CVE entries are the following:
– Rogue data cache load (CVE-2017-5754)
– Branch target injection (CVE-2017-5715)
– Bounds check bypass (CVE-2017-5753)
The vulnerabilities are still under investigation, and patches and firmware updates continue to be released. No exploitation of these vulnerabilities has been publicly reported until now. Proof-of-concept code developed to exploit these vulnerabilities has been available.
What is the impact of this attack?
CPU hardware implementations of modern processors are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information (e.g. steal sensitive information from the memory space of another process), though only under specific circumstances including:
What our customers should do as part of mitigation and prevention actions
As patches and firmware updates continue to be released, customers are advised to contact their hardware and software vendors to verify that any patches and firmware updates being released can be applied. Customers may need to apply them to a test infrastructure first for verification purposes, to avoid any incompatibility issues. Customers who are utilizing a cloud infrastructure (Amazon, Azure, etc.) should contact their cloud providers directly for specific advisories.
The Security Operations Center of Obrela Security Industries has increased its readiness and verbosity regarding communication to lists of suspicious IP addresses, network-based attacks, suspicious email attachments/links, suspicious process/command execution and more.
Additionally, customers should:
Notes:
– Third-party antivirus updates to Windows OS: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
– OS updates to systems running on AMD: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
– Windows Server updates: https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices