New System Vulnerabilities You Need to Know About
Researchers have disclosed vulnerabilities in the way processors are handling memory management while data is traversing the central processing unit of your system.
The latest update on these vulnerabilities can be found at this post from Project Zero.
Vulnerability Details: What You Need to Know
There are three known variants of the issue that have been classified under the following vulnerabilities:
- Meltdown: Appears to affect laptops, desktop computers and internet servers with Intel chips. Proof of concepts are already coming out and show exploitation of this vulnerability in a number of ways, be it direct attacks from within an OS, or through applications like Chrome and Firefox browsers.
- Spectre: Potentially has a wider reach. It affects some chips in smartphones, tablets and computers powered by Intel, ARM and AMD. Besides potentially affecting a wide variety of devices, Spectre’s larger concerns are for virtualized environments, which can mean two things:
- A guest system could affect the security of the host computer on which it is running
- The guest system could be leveraged to affect other guests on the same host
What Does It All Mean, and What Should You Do?
Because these vulnerabilities are with the CPU in your system, no operating system is safe if it is running on an affected processor.
Additionally, as noted by the various operating system vendors, the patches to fix these issues will have a negative impact on system performance, with some vendors stating as much as a 30% reduction in performance.
So, what should you do?
1. Plan to patch for the next several weeks. There is already a wide assortment of patches coming out from vendors.
2. Because of the threat posed to virtualized environments, expect some schedule downtime from your cloud providers. Thankfully, some of them, like Google and Amazon, have been working on the issue for a while. But there is more work in the coming weeks.
Immediate knowledge for an informed response can better position you for system protection. As you learn about and respond to these new vulnerabilities, feel free to contact us with any questions or concerns.