Don't Feed the Technician

Meltdown and Spectre

2018 – WEEK ONE

Hopes it would be a quiet end to the first week of 2018 have been crushed. As i’m sure you’re aware by now, the security world is in a flutter over the leaked announcment of two critical CPU vulnerabilities called Meltdown and Spectre.

Meltdown-Spectre-comparison-table.png

Meltdown

Meltdown can read the contents of private kernel memory from an unprivileged user process.

ALL Intel processors released since 1995 with the exception of Itanium and pre-2013 Atoms are effected. No AMD processors are affected by Meltdown.

Workaround patches have been released for Windows and Linux, Apple’s iOS has been patched since version 10.13.2.

Spectre

Spectre extract information from other running processes (ex: stealing login cookies from browsers).

Intel, ARM, and AMD processors are all reportedly affected to some degree. See this post for more specifics.

NO FIX: As of 05/01/18 there is currently no direct patch or fix for Spectre. According to researchers, the most likely exploitation of Spectre would be using JavaScript (say in a malicious ad) to leak information, session keys, etc. cached in the browser.

There have been two good posts by Microsoft that might be of help to fellow network administrators in a similar boat “SO, NOW WHAT”.

Guidance for Windows desktop users
Guidance for Windows Server users

Watchout though! Microsoft has said that during its testing phase, it had some anti-virus programs causing BSOD crashes that prevented computers from booting after the installation of the Meltdown and Spectre patches. Microsoft has said it instructed “anti-virus vendors to modify their products and create a registry key on customers’ computers when they’ve confirmed or updated their products so not to crash Windows PCs post-Meltdown/Spectre updates”. To help prevent BSOD caused by incompatible anti-virus applications, Microsoft will only show the Windows security updates published 3rd Jan, 2018 to devices running anti-virus software from partners who have fully confirmed their software is compatible with the January 2018 Windows operating system security update.

Note: Windows Server admins must enable the kernel-user space splitting feature once the update is installed. Amazon has issued updates to its AWS Linux guest kernels and Microsoft is rolling out fixes to Azure, as well. A good list of vendor advisories and updates is available here.

Amazon has released a security bulletin that provides information on how Amazon AWS services are affected by Meltdown and Spectre. In summary, this bulletin states:

This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices. All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications.

While the updates AWS performs protect underlying infrastructure, in order to be fully protected against these issues, customers must also patch their instance operating systems. Updates for Amazon Linux have been made available, and instructions for updating existing instances are provided further below along with any other AWS-related guidance relevant to this bulletin.

FULL BULLETIN

 

It’s also worth checking and updating ALL internet browsers, Chrome, Firefox IE…

 

To enable the mitigations

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Please check the following article about mitigation options for Server OS:

Windows Server guidance to protect against speculative execution side-channel vulnerabilities

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

 

Also checkout the windows KB4056890 patch at  > https://support.microsoft.com/en-us/help/4056890/windows-10-update-kb4056890

WARNINGMicrosoft’s Spectre-fixer bricks some AMD PCs

 

Patch Releases (last updated 09/01/2018 11:05 AM)

Not all patches have been released yet, but it is likely that initial patches will be released by the previously planned date of 9th January.

RHEL 5: pending

RHEL 6: kernel-2.6.32-696.18.7.el6

RHEL 7: kernel-3.10.0-693.11.6.el7

CentOS 5: pending

CentOS 6: kernel-2.6.32-696.18.7.el6

CentOS 7: kernel-3.10.0-693.11.6.el7

Debian 6 Squeeze: not expected

Debian 7 Wheezy: pending

Debian 8 Jessie: pending

Debian 9 Stretch: 4.9.65-3+deb9u2

Ubuntu 12.04: pending

Ubuntu 14.04: pending

Ubuntu 16.04: pending

Windows Server 2008: not expected

Windows Server 2008R2: KB4056897

Windows Server 2012: not expected

Windows Server 2012R2: KB4056898

Windows Server 2016: KB4056890

We will add links to new patches as soon as they are available.

One thought on “Meltdown and Spectre

  1. To enable the mitigations

    reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    Please check the following article about mitigation options for Server OS:

    Windows Server guidance to protect against speculative execution side-channel vulnerabilities

    https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Leave a Reply

Your email address will not be published. Required fields are marked *