It’s been more two weeks already since the vulnerabilities were announced that would affect microprocessors, mainly those of Intel and, to a lesser degree, AMD, as well as those based on ARM architecture. Here, we told you a bit about what’s been going on, but if you don’t feel like reading the whole thing, one of the best summaries we’ve seen on the differences between the two vulnerabilities and their effects can be found at Daniel Miessler’s blog.
What can be done if these vulnerabilities are exploited?
An attacker could have access to sensitive information in the system’s memory, even if the user who is on the device doesn’t have any permissions. And an attack could be launched simply by visiting a compromised webpage.
What needs to be updated to be protected?
The normal thing would be for the manufacturer to resolve your product’s vulnerability (in this case Intel, AMD, Apple, etc.) by means of an update. However, in this case it is not a simple update operation, and although manufacturers are still working on different patches that can be applied to their processors (in any case it does not seem that they can get a definitive solution, rather corrections than actual solutions to the problem), it is still something that is causing problems.
Intel, for example, has provided microinstruction updates for PC assemblers to apply to their processors, but they seem to be causing mysterious reboots on those machines, something Intel is still studying to see what causes it. The latest update we’ve had is this statement from Intel, in which they directly ask everyone to stop applying the patches they have published until they solve it:
“We recommend that OEMs, cloud service providers, system manufacturers, software vendors, and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior”.
Because of all this, processor manufacturers went to the developers of different operating systems (Windows, iOS, Chrome OS, etc.) to find a solution that covers the gap created by these vulnerabilities. Moreover, browser manufacturers are working on solutions to mitigate the problem, or at least the risk that the attack can be carried out from the browser through a malicious or compromised page.
Here you have the links to these manufacturers’ pages indicating the updates and measures that have been taken:
And what about security solutions?
In the case of Windows, it turns out that when developing the solution Microsoft realized that some antivirus manufacturers showed blue screenshots if the update was applied, which is why it decided that the update would not be applied until the manufacturer added an entry in the Windows registry giving the “green light” for the update.
While Panda’s solutions did not cause these blue screenshots, Microsoft only updates the operating system with the security patch if the registry entry is present. We proceeded to apply this registry entry to our customers. Here are the details: https://www.pandasecurity.com/en/support/card?id=100059
If in addition to Panda you use some other security solution and you need to know their status, Kevin Beaumont has a table with the information from all the manufacturers here.
Are there real attacks that use Meltdown or Specter?
Not yet. But the keyword is “yet.” It is only a matter of time before these vulnerabilities are incorporated into attacks to gain access to sensitive information. We’ve said it before and we’ll say it again: it is very, very important to update.