IMPORTANT ALERT: Meltdown – Vulnerability Discovered in Intel CPUs Leaves Client Servers & Computers Exposed
A team of researchers has discovered a new vulnerability that affects ALL servers, computers and devices that use Intel processors (CPUs). It affects server systems that are cloud based. The vulnerability is common to all CPUs manufactured within the last 10 years. Called Meltdown (or Spectre – depending on the variant), the vulnerability exposes a flaw in the way the CPU stores and processes memory data at a very core level. The Spectre variant affects all processors (including AMD and ARM), including those used in some computers, smartphones, tablets and similar devices. Some people call this vulnerability the KPTI or Intel Bug.
The vulnerability lies in the design of a part of the CPU memory called the KERNEL, and so is independent of the operating system; devices using Windows, Apple, Android, and Linux operating systems are affected equally. The problem is global and affects hundreds of millions – possibly billions – of computers.
The problem only affects data that resides in the computer’s memory at any given time. Data stored on hard drives or other removable media is not affected. However, all programs use the computer memory extensively to implement functions and process data. For example, typing a user name and password – and having the information verified and processed – takes place in the computer’s memory. The flaw could expose the user name and password to a hacker.
As of this writing (2018.01.04), there are no documented cases of this vulnerability being exploited, and no documented malware or viruses that can leverage it. However, it will only be a matter of time before malware and hackers exploit this flaw. Our estimate is that these security threats should take at least one to three months to become widespread.
There is no fix that is offered by Intel to correct the vulnerability, as the CPU must be re-designed to eliminate the flaw. Traditional security counter-measures such as Anti-Virus programs and Firewalls may be ineffective at stopping malware and viruses that exploit this vulnerability, as the attack will look almost identical to legitimate code and CPU processing.
A work-around to reduce the risk associated with this flaw is being developed and tested by all of the major operating system vendors, including Microsoft (Windows), Apple, Google (Android), Amazon, and the Linux community. Fixes will be available as a system patch that will update the operating system. Schedules vary, but it is expected that system patches may be available as early as January 9th, 2018. There is a downside to the patch-fix method; it may negatively impact your computer or server performance by as much as 20%.
The obvious way to protect your computers is to apply the operating system update as soon as it becomes available from the vendor. In many cases, the patch will be automatically applied to a computer, but as the severity of the problem is significant, TRINUS recommends applying the patch pro-actively as soon as it is available; do not wait for the computer to update itself.
However, this may not be adequate. Some organizations have hundreds of computers and servers in their IT systems, so managing the update process – and verifying the patch has run successfully – can require significant effort. In addition, some devices are not easily updated. Many NAS (Network Attached Storage) and other quasi-autonomous devices are difficult to work with. Finally, you may have sensitive information stored on systems that are outside your control. As previously mentioned, all cloud systems are affected, so if you store or process data in the cloud (i.e. offsite backups), your data could be at risk. It only takes one unprotected device on your network to expose all of your systems to attack.
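One way to do the verification step described above across many Linux machines, as an added example that is not part of the original post or a TRINUS tool. It assumes hosts whose kernels expose the `/sys/devices/system/cpu/vulnerabilities` status files (an interface the post does not mention); the hostnames and sample status values are constructed.

```python
from pathlib import Path

# Linux kernels carrying the fixes report per-issue status in this directory.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status):
    """Map a status string (None if the file is absent) to a verdict."""
    if status is None:
        return "unverified"  # kernel too old to report: not proof of safety
    text = status.strip()
    if text == "Not affected" or text.startswith("Mitigation:"):
        return "ok"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unverified"  # unrecognised wording: do not assume safe

def read_host(vuln_dir=SYSFS_DIR):
    """Read the local status files; a missing file is recorded as None."""
    paths = {name: Path(vuln_dir) / name for name in CHECKS}
    return {n: p.read_text() if p.is_file() else None for n, p in paths.items()}

def fleet_report(collected):
    """Return {host: {check: verdict}} for hosts with any check that is not ok."""
    report = {}
    for host, statuses in sorted(collected.items()):
        verdicts = {c: classify(statuses.get(c)) for c in CHECKS}
        failing = {c: v for c, v in verdicts.items() if v != "ok"}
        if failing:
            report[host] = failing
    return report

# Constructed sample data (hypothetical hostnames), shaped like read_host() output.
SAMPLE = {
    "app01": {"meltdown": "Mitigation: PTI\n",
              "spectre_v1": "Mitigation: __user pointer sanitization\n",
              "spectre_v2": "Mitigation: Full generic retpoline\n"},
    "nas01": {"meltdown": "Vulnerable\n", "spectre_v1": "Vulnerable\n",
              "spectre_v2": "Vulnerable\n"},
    "old01": {"meltdown": None, "spectre_v1": None, "spectre_v2": None},
    "amd01": {"meltdown": "Not affected\n",
              "spectre_v1": "Mitigation: __user pointer sanitization\n",
              "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n"},
}

if __name__ == "__main__":
    for host, failing in fleet_report(SAMPLE).items():
        print(host, failing)
```

A host with no status files at all (`old01` in the sample) is reported as unverified rather than passed, since an unpatched older kernel has nothing to report.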
For TRINUS Clients …
All TRINUS cloud servers and internal systems will be patched as soon as the update is available.
All TRINUS customers on a Tier 4 or MSP Service Agreement WILL receive updates on both servers and workstations once patch compatibility has been verified.
All other TRINUS clients with a support agreement that includes Managed Server (Windows) Updates will receive manually-applied server patches as soon as we have tested them for compatibility and compliance on the appropriate network. These updates will be applied after-hours to minimize downtime. Where applicable, updates will also be applied to other affected network devices for clients that have Managed Server Updates as part of a support agreement (for example, NAS units that use Intel processors).
Workstations and laptops will NOT receive managed updates and may remain vulnerable. Please contact your Account Manager at TRINUS to discuss patch deployment options for all non-server devices.
Update deployment will be done based on agreement Tiering (Tier 4, then Tier 3 etc.).
The risk due to hardware and software design flaws is increasing; in 2017 we saw KRACK (the WiFi vulnerability), and several issues with the Intel Management system that is common to most computers. Meltdown is just the latest in the series. One of the most effective counter-measures is to keep all hardware devices updated with the vendor’s latest system patches, and verify that they have been applied correctly across all devices through compliance reporting. TRINUS is currently testing automated patch management systems and we expect to have them ready to deploy in Q2, 2018 to most of our clients. Please contact your Account Manager for more information.
Thanks
Dave White
TRINUS