
Two processor vulnerabilities are currently in the news. Here is a summary of the vulnerabilities and how customers may be affected, along with how Pinnacle’s threat hunting services detect and mitigate the risks of these exploits.
In a nutshell:
- Meltdown allows a program to access the memory of other programs as well as the OS.
- Spectre allows an attacker to trick error-free programs into leaking privileged data.
- Spectre affects all of the processors, whereas Meltdown hits Intel and ARM processors.
Although these are new threats, current endpoint protections that perform memory anomaly scanning, like Cybereason or Cylance, may detect/prevent these memory exploits and feed our PeakPlus SECURE Platform with specifics.
The method of launching these attacks is similar to, if not exactly the same as, landing page exploits used for ransomware or exploit kits. We would expect to see Spectre and Meltdown use the same common attack vectors. Examples would be alerts similar to landing page or phishing attacks.
Spectre Official CVEs: CVE-2017-5753 and CVE-2017-5715
Meltdown Official CVE: CVE-2017-5754
This can be mitigated by existing deployments of web proxies, firewalls, and IPS. Then, once patches for operating systems, web browsers, proprietary systems, security platforms, etc., are available, deploying the most up-to-date patches will be key to limiting access to privileged memory.
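One way to confirm on a Linux host that operating-system patches for the three CVEs above are in effect is to read the kernel's own status files. This is an added example, not Pinnacle's tooling; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report kernel mitigation status for the CVEs named on this page.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map a sysfs status line to: not_affected, mitigated, vulnerable or unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Print one line per CVE: "<CVE> <sysfs name> <verdict>".
# Returns 1 if any entry is vulnerable or cannot be determined.
report_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in \
        "CVE-2017-5753:spectre_v1" \
        "CVE-2017-5715:spectre_v2" \
        "CVE-2017-5754:meltdown"
    do
        cve=${pair%%:*}
        name=${pair#*:}
        if [ -r "$dir/$name" ]; then
            # Only the first line of the status file is needed.
            IFS= read -r status < "$dir/$name" || true
            verdict=$(classify_status "$status")
        else
            # Kernels that predate this sysfs interface have no file here.
            verdict=unknown
        fi
        case "$verdict" in vulnerable|unknown) rc=1 ;; esac
        echo "$cve $name $verdict"
    done
    return $rc
}

# Query the live system only when asked, e.g. `sh check.sh --live`.
if [ "${1:-}" = "--live" ]; then report_cpu_vulns; fi
```

The result reflects only the kernel's view; browser and other application patches have to be verified separately.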
Additional information on these vulnerabilities can be found at the following links:
- How 17 Security Vendors are Handling the Meltdown and Spectre Vulnerabilities
- https://meltdownattack.com/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
If you have concerns about Meltdown and Spectre in your organization, and need assistance to ensure that you are protected, please contact us.