In an ever growing drive to create faster and faster processors a type of processing known as speculative processing was born. Speculative processing allows the Central Processing Unit (CPU), the brain of the computer, to process commands and data out of order instead of bottle necking at a single process that might take longer than another. Each time a program is run it gets a permissions check. Some programs are trusted and other programs are not. Programs that are not trusted do not get to operate on the deeper memory layers like the kernel of the operating system.
The attacks now dubbed “Meltdown” and “Spectre” are aimed at making requests to the deeper levels of the the memory where passwords, crypto keys and private files are kept before the processor has made a permissions check. This utilizes the speculative processing system by making the request to the deeper memory layers smaller and non dependent upon the permissions check. The real kicker in all of this is the presence of this flaw since 1995. If you didn’t do the math, that is 22 years of computers, mobile devices and other computing machines that have this vulnerability.
Most of the major manufacturers and Intel itself have or are currently issuing patches for the vulnerability. Windows released a patch outside of their normal Tuesday release schedule. Amazon Cloud Services and Google Storage have both announced slowdowns of speeds and scheduled down time to patch their massive architectures. The reality is that this vulnerability will be with the industry for many years to come. The sheer number of devices and machines effected by it is staggering and the ease of which a person might utilize this is also cause for concern. What we can expect is that any fix that is implemented will most likely undo some of the speed gains from speculative processing meaning that systems will experience a degradation in performance to remove the vulnerability.
- Ensure Windows Updates are current.
- Ensure Anti Virus is up to date. This is particularly important in this case, not because this issue is a virus (it is not) but because of the implications of this particular issue and how AV interacts with the processors. Windows Updates will no longer work for computers with Anti Virus products that haven’t updated for compatability with the new changes.
The second point is especially important as you will not be able to receive windows updates until you have either removed the old Anti Virus or updated it to the latest version.
If you need help or want to consult on your companies strategy for addressing this vulnerability please contact us.
Also published on Medium.