Windows 10: Meltdown and Spectre: what you need to know


  1. Posts : 29,402
    64-bit Windows 10 Pro build 17672
       06 Jan 2018 #1

    Meltdown and Spectre: what you need to know


    Overview

    If you’ve been keeping up with computer news over the last few days, you might have heard about Meltdown and Spectre, and you might be wondering what they are and what they can do. Basically, Meltdown and Spectre are the names for multiple new vulnerabilities discovered and reported for numerous processors. Meltdown is a vulnerability for Intel processors while Spectre can be used to attack nearly all processor types.

    The potential danger of an attack using these vulnerabilities includes being able to read “secured” memory belonging to a process. This can do things like reveal personally identifiable information, banking information, and of course usernames and passwords. For Meltdown, an actual malicious process needs to be running on the system to interact, while Spectre can be launched from the browser using a script.

    Microsoft, Google, Mozilla, and other vendors have been releasing patches all day to help protect users from this vulnerability. Some of the updates from Microsoft may negatively interact with certain antivirus solutions. However, Malwarebytes is completely compatible with our latest database update. The best thing to do to protect yourself is to update your browsers and your operating system with these patches as soon as you see an update available.

    For a quick guide on how to protect yourself from this threat, please check out “Meltdown and Spectre Vulnerabilities – what you should do to protect your computer” on the Malwarebytes support knowledge base.

    Details

    The Google Project Zero team, in collaboration with other academic researchers, has published information about three variants of a hardware bug with important ramifications. These variants—branch target injection (CVE-2017-5715), bounds check bypass (CVE-2017-5753), and rogue data cache load (CVE-2017-5754)—affect all modern processors.

    If you’re wondering if you could be impacted, the answer is most certainly yes.

    The vulnerabilities, named Meltdown and Spectre, are particularly nasty, since they take place at a low level on the system, which makes them hard to find and hard to fix.

    Modern computer architecture isolates user applications and the operating system, which helps to prevent unauthorized reading or writing to the system’s memory. Similarly, this design prevents programs from accessing memory used by other programs. What Meltdown and Spectre do is bypass those security measures, therefore opening countless possibilities for exploitation.

    The core issue stems from a design flaw that allows attackers access to memory contents from any device, be it desktop, smart phone, or cloud server, exposing passwords and other sensitive data. The flaw in question is tied to what is called speculative execution, which happens when a processor guesses the next operations to perform based on previously cached iterations.

    The Meltdown variant only impacts Intel CPUs, whereas the second set of Spectre variantsimpacts all vendors of CPUs with support of speculative execution. This includes most CPUs produced during the last 15 years from Intel, AMD, ARM, and IBM.

    It is not known whether threat actors are currently using these bugs. Although due to their implementation, it might be impossible to find out, as confirmed by the vulnerability researchers:

    Can I detect if someone has exploited Meltdown or Spectre against me?
    Probably not. The exploitation does not leave any traces in traditional log files.

    While there are no attacks reported in the wild as of yet, several Proof of Concepts have been made available, including this video that shows a memory extraction (using a non-disclosed POC). This is particularly damaging because 1. There aren’t many options for protection currently and 2. as previously stated, even if threat actors do spring to action, it might be impossible to verify if that’s the case.

    Mitigations

    Because the Meltdown and Spectre variants are hardware vulnerabilities, deploying security programs or adopting safer surfing habits will do little to protect against potential attack. However, a patch for the Meltdown variant has already been rolled out on Linux, macOS, and all supported versions of Windows.

    According to our telemetry, most Malwarebytes users are already able to receive the latest Microsoft update. However, we are working to ensure that our entire user base has access to the patch.

    Unfortunately, Microsoft’s fix comes with significant impact on performance, although estimates of how much vary greatly. An advisory from Microsoft recommends users to:

    1. Keep computers up to date.
    2. Install the applicable firmware update provided by OEM device manufacturers.

    If you are having issues getting the Windows update, please refer to this article, as Microsoft has stated some possible incompatibility issues with certain security software.

    No software patch for Spectre is available at the time of this article. Partial hardening and mitigations are being worked on, but they are unlikely to be published soon.

    The Spectre bug can be exploited via JavaScript and WebAssembly, which makes it even more critical. It is therefore recommended to apply some countermeasures such as Site Isolation in Chrome. Mozilla is rolling out a Firefox patch to mitigate the issue while working on a long-term solution. Microsoft is taking similar action for Edge and Internet Explorer.

    Cloud providers (Amazon, Online.net, DigitalOcean) also rushed to issue emergency notifications to their customers for upcoming downtimes in order to prevent situations where code from the hypervisor could be leaked from a virtual machine, for example.

    The aftermath from these bugs is far from being completely understood, so please check back on this blog for further updates.

    Vendor advisories:



    Source: Meltdown and Spectre: what you need to know - Malwarebytes Labs | Malwarebytes Labs


    See also: Windows Client Guidance against speculative execution vulnerabilities - Windows 10 Forums
    Last edited by Brink; 06 Jan 2018 at 18:39.
      My ComputersSystem Spec


 

Related Threads
Hi, I just switched from a '11 Macbook Pro to a '17 HP Spectre x360. I need to get Adobe Creative Suite onto my new laptop, or at least just Photoshop, Illustrator and InDesign. I don't want to use the silly subscription adobe offers now. I have...
Hi! So my computer went up in smoke, a big white plume of smoke, yay. I got most parts replaced under warranty, unfortunetly the motherboard and GPU had to be replaced with newer parts. My installation of Windows 10 Pro is a free upgrade from...
Hi,I have purchased the above machine and need some advice on a few aspects...HP have loaded their own updater/messages/support software which I would like to unload. Is this safe and recommended? Will removing this also remove any HP loaded device...
Hi Chaps, BRANDNEW. ARRIVED 6 DAYS AGO HP Spectre x360 13-4109na -(Intel Core i7-6500U, Windows 10, 8GB DDR3L, 512GB SDRAM, Intel HD Graphics520) Supplied with Windows 10home and updated to Windows 10 home with m/s update 1511 Video Scheduler...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:43.
Find Us