ADVISORY: Spectre and Meltdown leave microprocessors vulnerable to attacks

Spectre and Meltdown are the first large vulnerabilities of 2018. Discovered shortly after New Year’s Eve, their impact is huge, affecting almost every computing device: computers, tablets, telephones and much more. Enterprises are the most concerned by these vulnerabilities. Because the flaws are present in the architecture of the processor itself, they can allow attackers to access confidential data while it is being processed by the processor. This article gives advice from the DenyAll Research Center (DARC) team on how to react and protect yourself against these vulnerabilities.

What happened with the Spectre and Meltdown flaws?

Major vulnerabilities named Meltdown and Spectre have emerged, impacting almost all modern microprocessors. These vulnerabilities allow programs to read data from the memory of other programs processed by the microprocessor. Normally, programs are not permitted to do this.

An attacker could exploit the Meltdown and Spectre vulnerabilities to steal secret data used in other running programs, such as passwords, emails, documents, etc.

All recent Intel x86 microprocessors and some ARM-based microprocessors are affected. AMD microprocessors are not affected by the Meltdown vulnerability but are affected by Variant 1 of the Spectre vulnerability.

Today, almost every system uses these microprocessors. This means that most systems are affected, including servers, desktops, laptops and mobile devices.

Cloud providers and hypervisors are also greatly impacted, as a virtual machine can possibly access the memory of another virtual machine running on the same host, meaning that a malicious customer could steal information from another customer.

Sources: https://meltdownattack.com/

Details of the Spectre and Meltdown vulnerabilities

Spectre – Variant 1: bounds check bypass (CVE-2017-5753)

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Spectre – Variant 2: branch target injection (CVE-2017-5715)

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Meltdown – Variant 3: Rogue data cache load (CVE-2017-5754)

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

The Google Project Zero team has developed a proof of concept for each vulnerability, but attacks are currently quite slow, especially when exploiting Spectre Variant 2, which is used to steal data from other virtual machines on the same hypervisor.

For more details, see https://googleprojectzero.blogspot.fr/2018/01/reading-privileged-memory-with-side.html

DenyAll Statement on Spectre and Meltdown vulnerabilities

DenyAll products are not affected because they do not execute untrusted data. Nonetheless, their operating systems will be updated as soon as fixes are released, to keep them safe from the Meltdown and Spectre vulnerabilities.

Please note that, when running in a virtual machine, information from DenyAll products (including secrets) may be leaked to other untrusted virtual machines running on the same vulnerable host. We therefore advise updating hypervisors, processor microcode, and all guest systems running on the same host (updating the guests may be less critical provided the host is up to date).
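
One way to confirm the outcome of those updates on a Linux system, as an added example that is not DenyAll's code: recent and patched kernels report their mitigation state for each of the three CVEs under /sys/devices/system/cpu/vulnerabilities. The function names are illustrative, and the result describes only the machine the script runs on, so a guest reporting "mitigated" says nothing about whether its hypervisor host has been updated.

```shell
#!/bin/sh
# Added example: report the kernel's view of the three CVEs in this advisory
# using the Linux sysfs "vulnerabilities" interface. Function names are
# illustrative, not part of any product.

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# Prints one line per CVE: "<cve> <sysfs file> <class> <raw kernel text>".
# Returns 0 only if no entry is vulnerable or unknown.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in "CVE-2017-5753:spectre_v1" \
                "CVE-2017-5715:spectre_v2" \
                "CVE-2017-5754:meltdown"; do
        cve="${pair%%:*}"
        file="${pair#*:}"
        if [ -r "$dir/$file" ]; then
            raw="$(head -n 1 "$dir/$file")"
        else
            # No entry: the running kernel predates this reporting interface,
            # so its state cannot be confirmed from sysfs.
            raw="(no sysfs entry)"
        fi
        class="$(classify_status "$raw")"
        case "$class" in
            vulnerable|unknown) rc=1 ;;
        esac
        printf '%s %s %s %s\n' "$cve" "$file" "$class" "$raw"
    done
    return "$rc"
}

# Check the local machine; a non-zero result means follow-up is needed.
check_cpu_vulns || echo "update kernel and microcode, then re-check" >&2
```

Pass a directory as the first argument to evaluate files collected from another machine instead of the local sysfs tree.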

DenyAll WAF and rWeb

Kernel updates will be available for the following versions:

  • i-Suite 5.5.x
  • DenyAll WAF 6.4.1
  • DAOS 10 for rWeb

For customers using Dell appliances, BIOS updates are available that update the processor microcode to help mitigate the Spectre Variant 2 vulnerability:

Cloud Protector

The cloud provider for Cloud Protector has already deployed an update on its platform. Virtual machines for Cloud Protector will be updated soon.

Vulnerability Manager

A kernel update for Ubuntu will be available soon. To perform the update, open the administration interface, go to Configuration and Check for updates.

About the DARC

The DenyAll Research Center (DARC) is an internal division of DenyAll, which focuses on threat analysis and mitigation. Over the last 10 years, this department’s research has contributed to the design of state-of-the-art Web application security solutions. More information on DenyAll can be found at www.denyall.com

Xavier Quoniam, Marketing Manager
Xavier is our Marketing Manager. He is passionate about disruptive technologies that transform how companies communicate. He brings his passion, curiosity, and fresh ideas to promote DenyAll and Cloud Protector at their best.
