The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, and also affecting ARM processors commonly used in tablets and smartphones.
According to Google’s research division, Project Zero, the flaws affect the microprocessors in the majority of the world’s computers, including mobile devices and cloud networks, and can allow hackers to access the entire contents of a computer’s memory.
The good news is that ESET can help protect against the types of malware that could take advantage of these vulnerabilities.
And, ESET was one of the very first security vendors to allow the Microsoft patch against the flaw to be enabled.
While ESET protects against potential malware infection, you should also take these steps to secure your computers and data:
- Make sure your browser is up to date. For Chrome or Firefox users:
- Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
- Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.
- Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
- ESET Home products (NOD32 Antivirus, Internet Security, Smart Security Premium)
- ESET Business products (Endpoint Antivirus, Endpoint Security, File and Mail Security and Virtualization Security)
- Customers should review ESET’s Knowledgebase article for important updates.
- See this great collection of tips, articles and recommendations from the Google Project Zero team.
- If you have a cloud-based server or have a website hosted by hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.
At the time of this writing, not all details have been released, but reportedly the issue is that programs running in user-mode address space (the “normal” range of memory in which application software, games and the like run) on a computer can infer or “see ” some of the information stored in kernel-mode address space (the “protected” range of memory used to contain the operating system, its device drivers, and sensitive information such as passwords and cryptography certificates).
Fixes to prevent user-mode programs from “peering inside” kernel-mode memory are being introduced by operating system vendors, hypervisor vendors and even cloud computing companies, but it appears the initial round of patches will slow down operating systems to some extent.
The exact amount of slowdown is open to debate. Intel has stated the performance penalty will “not be significant” for most users, but Linux enthusiast site Phoronix has benchmarked performance penalties from 5-30%, depending upon what the computer is doing.
A long Reddit thread titled Intel bug incoming has been tracking the vulnerability since information about it began to appear on January 2, 2018; Ars Technica and The Register have had excellent coverage, as well.
Processor manufacturer AMD announced that they are unaffected, according to reports on CNBC and a message to the Linux Kernel Mailing List by an AMD engineer, but reports from both Google‘s Project Zero and Microsoft state that AMD processors are affected, which makes the situation less clear.
The Microsoft article goes on to note that this is not a Windows-specific issue, and that it affects Android, Chrome OS, iOS and macOS as well.
Here is a list of affected vendors and their respective advisories and/or patch announcements:
These vulnerabilities have three CVE numbers (a quasi-government standard for tracking computer security vulnerabilities and exposures) assigned to them:
|CVE-2017-5715||Branch Target Injection, exploited by Spectre|
|CVE-2017-5753||Bounds Check Bypass, exploited by Spectre|
|CVE-2017-5754||Rogue Data Cache Load, exploited by Meltdown|
For many years, processor manufacturers – such as Intel –have been able to fix flaws in processor architecture through microcode updates, which write an update to the processor itself to fix a bug.
For a – so far unannounced – reason or reasons, this vulnerability may not be not fixable this way in Intel processors, so instead, operating system manufacturers have collaborated with Intel to release patches for the vulnerabilities.
Intel’s security advisory, INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method, lists forty-four (44) affected families of processors, each of which can contain dozens of models.
ARM Limited has released an advisory titled Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism that currently lists ten (10) affected models of processor.
As mentioned at the beginning of the article, ESET released Antivirus and Antispyware module update 1533.3 on Wednesday, January 3, 2017, to all customers to ensure compatibility with Microsoft’s updates to the Windows operating systems.
ESET is working alongside hardware and software vendors to mitigate the vulnerabilities posed by the vulnerabilities.
For additional information see: