Arctic Wolf Networks

Assessing the Damage from the Meltdown and Spectre CPU Exploits

If operating systems are the brains of a computer–i.e., containing the essential infrastructure for making decisions, delegating responsibilities and monitoring the status of specific jobs and subordinate components–then CPUs are their hearts, providing the raw power and resources for executing these actions. For decades, a handful of processor architectures have dominated personal and enterprise computing across OSes, with Intel, AMD and ARM now leading the way.

CPU functionality is not normally top-of-mind for desktop and mobile users, but that’s going to change starting now. The shocking Meltdown and Spectre vulnerabilities, discovered independently by multiple researchers, take advantage of fundamental design flaws in all chips manufactured through December 2017. The result is an extraordinary security risk to the data of any application on an OS supported by the exploited CPU types.

What Do Meltdown and Spectre Do?

The two CPU vulnerabilities differ slightly in their methods and effects:

  • Meltdown obliterates the isolation between an OS and the applications that run on it, opening the door for individual programs to discern the layouts and the contents of the protected memory areas associated with other apps and even with the OS itself. At the time of this writing, Meltdown had only been verified on Intel’s x86 processors.
  • Spectre capitalizes on the CPU technique known as speculative execution, whereby processors skip ahead in executing code for faster performance. This, however, enables malicious code to manipulate a processor into accessing a portion of memory that it shouldn’t. Spectre tricks programs into leaking secrets to others on the same OS, via unnecessary speculative executions. Spectre has been verified on Intel, AMD and ARM chips.

Perhaps the most concerning danger from either threat is the harvesting of passwords and crypto-keys by malware on unpatched systems. This puts any and all sensitive information at risk. Spectre is believed to be more difficult to mitigate than Meltdown, but also a greater challenge for cyberattackers to leverage. Exploitation of either flaw leaves no traces in traditional log files.

What’s Being Done to Mitigate the Damage?

Now for some good news: There are already numerous patches available for Meltdown, along with updates that protect against known threats reliant on Spectre. Some fixes, such as updates to Apple macOS High Sierra, were actually bundled into broader updates weeks ago. Ubiquitous tools like the LLVM compiler are also being hardened against future Spectre exploitation. In addition, this month Microsoft issued a rare out-of-band update to Windows 10 to reduce exposure to both Meltdown and Spectre.

How Do the Meltdown and Spectre Fixes Work?

The developer of the Pinboard bookmarking service tweeted that the discovery of Meltdown and Spectre is the computing equivalent of discovering your car might explode at any moment, and your only recourse is to wait until automakers build new factories and produce safer vehicles. In other words, the risk is broad and deep, and it will take years to address, even with rapid patching by chipmakers and OS developers.

Linux-based and Windows platforms, as well as cloud computing services that rely on them, appear to have suffered the most damage. The kernels of these OS families require substantial rewriting to close the Meltdown loophole. Unfortunately, these redesigns–included in the recent patches–create significant new overhead for CPUs, slowing down performance by up to 30 percent in some cases.
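
A defender-side check for the kernel patches described above, as an added example that is not part of the original article: Linux kernels since 4.15 (and many distribution backports) report their Meltdown and Spectre mitigation state under /sys/devices/system/cpu/vulnerabilities. The helper names and the sample status files below are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Kernel status directory; each file holds a one-line verdict for one flaw.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FILES = {"meltdown": "Meltdown", "spectre_v1": "Spectre v1", "spectre_v2": "Spectre v2"}
# Leading words the kernel uses, mapped to a coarse verdict.
PREFIXES = (("not affected", "not_affected"), ("mitigation", "mitigated"),
            ("vulnerable", "vulnerable"))

def classify(status):
    """Map the kernel's status string (e.g. 'Mitigation: PTI') to a verdict."""
    text = status.strip().lower()
    for prefix, verdict in PREFIXES:
        if text.startswith(prefix):
            return verdict
    return "unknown"

def read_status(base=SYSFS_DIR):
    """Return {flaw: (verdict, raw string)}. A missing file means the kernel
    does not report on that flaw, so it is treated as 'unknown', not safe."""
    results = {}
    for fname, label in FILES.items():
        try:
            raw = (Path(base) / fname).read_text().strip()
        except OSError:
            raw = ""
        results[label] = (classify(raw), raw or "status file missing")
    return results

def needs_action(results):
    """Flaws not confirmed as mitigated or unaffected."""
    return sorted(k for k, (v, _) in results.items() if v in ("vulnerable", "unknown"))

def make_sample(dirpath):
    """Write constructed sample status files (not captured from a real host)."""
    sample = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n"}
    for name, body in sample.items():
        (Path(dirpath) / name).write_text(body)
    return dirpath

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for flaw, (verdict, raw) in read_status(make_sample(tmp)).items():
            print(f"{flaw:<11} {verdict:<12} {raw}")
```

On a real host, call read_status() with no argument to read the live sysfs files.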

Virtually every major CPU architecture is affected by these flaws.

My System is Patched. Now What?

Once again, the biggest immediate danger from Meltdown and Spectre is their potential exploitation by malware. Both vulnerabilities are somewhat akin to chronic illnesses that weaken the body and invite opportunistic infections.

Unpatched cloud computing infrastructure is a prime risk. Services running on top of such infrastructure often support multiple users with a shared instance, in theory permitting cyberattackers in possession of a subscription to bypass the crucial partitions between different customers’ data.

A patched system definitely makes you safer, but the overall challenge of malware remains, as attackers seek to exploit the next opportunity. The only path to sustainable safety for your organization is through implementation of a scalable and cost-effective security operations center (SOC).

Future-Proofing Your Defenses with SOC-as-a-Service

A modern SOC-as-a-service can successfully respond to and address malware and other threats that exacerbate the damage from critical flaws like Meltdown, Spectre and many others. Backed by dedicated security experts and routinely updated technology infrastructure with the latest threat intelligence feeds, Arctic Wolf’s AWN CyberSOC keeps you safe around the clock.