Spectre and Meltdown
As has been reported extensively in the media, on January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities – known as Meltdown and Spectre – that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.
publish date: January 25, 2018
The US Computer Emergency Response Team (CERT) has released an advisory (available here: https://www.us-cert.gov/ncas/alerts/TA18-004A ) which notes a number of affected vendors, and a range of vendors have promised that updates are already available or will be soon.
What makes these two vulnerabilities especially worrisome is that Meltdown affects devices which contain every Intel processor manufactured since 1995 (except Intel Itanium and Intel Atom before 2013), and Spectre affects almost every system including desktops, laptops, cloud servers and smartphones. All modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, the risk has been verified on Intel, AMD, and ARM processors.
To reduce the risk of attack, affected products should be updated as soon as security patches, firmware updates, and other workarounds become available. Devices such as servers, PCs, laptops, and smartphones, as well as routers, will all require updates. Although updates will make systems more secure, early industry testing is showing the possibility of performance degradation happening after the updating of systems has occurred.
For Intellicom customers with a managed server agreement, the Microsoft patch(es) related to these vulnerabilities either already have been, or will be, installed during your regular, agreed-upon maintenance window(s) unless we’ve been given specific instructions to exclude or hold off on deploying these patches (due to 3rd party app concerns). Same for customers with a managed workstation agreement. If you do not currently have a managed agreement with us to patch your servers and/or workstations, we invite you to contact us.
Unfortunately, software patching from Microsoft is only one piece of the risk prevention puzzle. There is also a hardware/firmware update piece, and a registry key piece. While the work associated with these two items is outside of your managed service agreement, Intellicom can assist you with both of them. The hardware update is unique to each hardware manufacturer (Dell, HP, etc.) and also is specific to different models within the same manufacturer. Because of this, the effort could be significant as each individual device may need to be evaluated and remediated separately.
Keep in mind Microsoft is only one of the affected vendors. To assure that patches released by other vendors (e.g. HP, Dell, etc.) are deployed to your affected devices, please email support@intellicominc.com with the word, “meltdown” in the subject line and we will assign an engineer to reach out to you to review your network and make recommendations to mitigate against this vulnerability.
The situation regarding these two new and dangerous vulnerabilities, and the responses from a variety of hardware and software makes regarding steps on how to mitigate the risk, is very fluid. Know that Intellicom is paying close attention, and that we will provide additional information as the situation becomes more stable and action steps become more clear.