Safe Harbor on Cyber is a 'safe harbor' blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
Now for almost three weeks, the legendary patch and resolution continue. This article is an update of the Implementation Guide to Meltdown and Spectre CPU Design Flaw or Chip Flaw. Currently, the world is still waiting for the sure fixes from Intel’s recently released bungled patch. However, these misses on their patches just dug Intel deeper.
In the “plus” column, Microsoft and AMD jointly take action to resume their workflow on fixes. Vendors are beginning to provide tools to manage the hassles of correcting these two vulnerabilities, such as VMware’s dashboard kit for its vRealize Operations automation tools
type: $ Grep. / SYS / Device / System / CPU / Vulnerability / *
Entering a Linux terminal window now shows you if you have a Meltdown and Spectre issue to fix.
On the downside, Intel is facing rebellion from many other vendors such as Red Hat, Lenovo, and VMware, telling users to ignore Chipzilla’s first microcode update because they have restarted the server many times. Intel first stated that there was only a problem with Broadwell and Haswell processors, but later said that the recent Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake architectures were not normal after patching. The company also revealed that data center workloads will slow down after patching.
This is bad news because for a variety of reasons, and in particular, some users eager to cope with threats from both sides may overlook the fact that Intel Inside often comes with devices that “just do the job, do not worry about internal things.” As a result, the analyst firm Gartner’s suggestion to remember that devices such as the application delivery controller or WAN-optimized boxen pack x86 need to be fixed and will not optimize the optimization from now on. This means talking to telecom companies and a variety of other alternatives.
ZFS or Microsoft-powered software-defined storage may not slow the message too much smile on the face.
Also, the unwelcome news is that Specter affects Oracle’s SPARC platform with a patch for some time in February. Smaller ARM licensees/makers do not generate many comments.
Intel originally released a patch for Specter and Meltdown on January 15 that covers 90% of modern CPUs but will result in a higher system restart after a firmware update is applied. The most affected are systems running Intel Broadwell and Haswell CPUs for clients and data centers.
Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.
Intel Statement – Patches for Spectre and Meltdown
Intel says “We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.
We also ask that our industry partners focus efforts on testing early versions of the updated solution for Broadwell and Haswell we started rolling out this weekend. so we can accelerate its release. We expect to share more details on timing later this week.
For those concerned about system stability, while we finalize the updated solutions, we are also working with our OEM partners on the option to utilize a previous version of microcode that does not display these issues but removes the Variant 2 (Spectre) mitigations. This would be delivered via a BIOS update, and would not impact mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown).”
CVE-2017-5753 and CVE-2017-5715 are the references to Spectre, CVE-2017-5754 is for Meltdown are ripe for hackers (read my commentary titled: Why Meltdown and Spectre are ripe for ransomware attacks)trying to take advantage of the Known Meltdown and Spectre bug and pushing malware with defected patches that caused more problems than it meant to resolve.
Intel is now telling them that it has identified the root cause of the restart issues affecting Broadwell and Haswell CPUs and that they are preparing a solution to the issue and are suspending the application of patches for Specter and Meltdown.
Kernel Update, Linux Distribution Users have provided microcode updates that can be applied non-persistently using the microcode_ctl mechanism.
By placing the microcode in / lib / firmware /, the update is applied each time the system starts. However, one of the ghost remissions has created a problem and Red Hat decides to remove it.
Crash attacks rely on a tracked bug CVE-2017-5754. There are two main variants of Specter attacks: one with CVE-2017-5753 (variant 1) and the other with CVE-2017-5715 (variant 2).
Red Hat believes that the mitigations included in microcode_ctl and linux-firmwarepackages in CVE-2017-5715 caused some problems for some users, which is why the latest versions of these packages do not address this variant of exploit.
Red Hat said: “Red Hat no longer offers micro-code to address Specter, variant 2, because of instability that causes the client system to fail to start.” The latest microcode_ctl and linux-firmware packages are moving these unstable microprocessors Firmware changes are restored to a known stable and well-tested version and released prior to the Specter / Meltdown Embargo Upgrading on January 3.
Red Hat recommends that customers protect their devices from attacks by acquiring updated microcode provided by the CPU vendor as a system firmware update. Unlike microcode applied through the microcode_ctl mechanism, system firmware updates represent a more durable solution.
In addition to Intel’s own patches, other companies have introduced their own remedies. “Microsoft was among the first, releasing an emergency patch for Windows users and a set of firmware updates for Surface devices. AMD also announced optional patches of its own, despite its claims that the exploits pose a “near-zero” risk to its hardware. Similarly, NVIDIA joined the fray with a set of software patches for its GPU drivers.
If you’re curious whether your PC is affected by Meltdown and Spectre, a tool called InSpectre can quickly identify vulnerabilities on your system.”
Academic Research on Meltdown and Spectre Fixes
Earlier this month, Intel released the latest news on most modern microprocessors from Google’s Project Zero team, Cyber us Technologies, Graz Technical University, University of Pennsylvania, University of Maryland, Rambus, University of Adelaide and Researchers at Data61 have discovered serious flaws for performance-optimized methods, such as an attacker might read sensitive system memory (which may include passwords, encryption keys, and email). These vulnerabilities affect CPUs from Intel, AMD, and ARM.
Meltdown and Spectre Vulnerability explanation
The so-called Meltdown and Specter hardware vulnerabilities allow so-called bypass channel attacks: in the case of Meltdown this means that there is a risk of malicious access to sensitive information in kernel memory, and for Specter user applications may read kernel memory and others Application memory. Therefore, an attacker can read sensitive system memory that may contain passwords, encryption keys, and e-mail, and use that information to make a local attack.
Systems with microprocessors that make use of speculative execution and indirect branch prediction may allow for unauthorized disclosure of information to an attacker with local user access through sidechannel analysis.
Which devices on a critical infrastructure are operational?
Whether a particular device is in jeopardy depends on many factors such as chipset, firmware level, and so on. Needless to say, we can look forward to a great deal of research and remediation in the near future.
Many HMIs, panels, and displays use the affected chips. Some PLC manufacturers are still evaluating the threat.
Many systems that support industrial controllers for automation systems, batch control systems, production control servers, printers, OPC systems, SCADA systems, peripherals, and IIoT devices including cameras, sensors, and others are all at risk. However, Specter and Meltdown vulnerabilities in these systems do not necessarily mean that industrial control equipment is in jeopardy.
What is the impact on critical infrastructure industrial control equipment and systems?
Specter and Meltdown vulnerabilities can be used to compromise devices, allowing attackers to access privileged data in the system. These Meltdown and Spectre vulnerabilities do not grant access to the system, they can only allow attackers to read the data should be limited. In other words, the attacker still needs to break into the system to execute the attack.
While this is a serious threat to systems with multiple users, such as cloud solutions, it does not pose a high risk in single-user systems.
In a metaphor, these holes basically allow you to read people’s minds – as long as you’re in the same room with them. You have access to data that implies privacy, such as confidential, confidential or sensitive information and more.
If you are in a room yourself, you already have access to the secrets of everyone in that room – that is, yourself. If you already have access to it, what is the point of attack on your own mind?
In short, this is the idea behind “ghost” and “meltdown.” They work in a multi-tenant environment, where one user’s secrets must be kept private with others.
Because ICS environments are not multi-tenant, these Meltdown and Spectrevulnerabilities do not have access to data that is inaccessible to anyone with system access.
Intel recommends that customers and original equipment manufacturers (OEMs) refer to their Intel Security Center Web site for more details on fixing “ghost” and “crashing” patches.
Meltdown and Spectre patches
The fundamental vulnerability exists at the hardware level and cannot be patched. However, most vendors are releasing software patches that work around the problems. The KAISER patch, developed coincidentally in 2017 to improve Linux security, actually has the side effect of preventing Meltdown attacks. Major cloud vendors have by and large patched their servers. Patches have already been rolled out by Intel, Microsoft, Apple, and Google (see more below) and more are on the way.
Notably, older systems, particularly Windows XP, will almost certainly never be patched. Also left in the lurch are the millions of third-party, low-cost Android phones that don’t get security updates from Google, many of which are not particularly old.
When will my PC, Mac, iPhone, Android phone, or browser get a patch for Meltdown and Spectre?
As of January 11th, Microsoft has released operating system patches for most versions of Windows from Windows 7 on, which also patch the company’s Internet Explorer and Edge browsers. However, some AMD systems after downloading the patches did not restart, so those patches have been pulled for the moment.
Apple released patched versions of its macOS, iOS, and tvOS operating systems, as well as its Safari browser, on January 3rd.
Google released a list of which Chromebook models have been patched or won’t need a patch (most of them), which will be patched soon, and which are end-of-life and won’t see a patch.
Firefox has a patch that will be released on January 23rd, but is now available in beta.
Google’s Chrome browser has a patch that will be released on January 23rd. You can turn on the experimental Site Isolation feature in the meantime to protect yourself.
The multiplicity of Android handsets makes the question of whether your Android phone is or will be patched difficult to answer. Most phones sold directly from Google or giants like Samsung are patched or will be, but many will not. The Italian trade-in company RiCompo has a site that keeps you up to date on many different brands and models.
Do Meltdown and Spectre patches hurt performance?
These patches generally mitigate the vulnerabilities by altering or disabling how software code makes use of the speculative execution and caching features built into the underlying hardware. The downside of this, of course, is that these features were designed to improve system performance, and so working around them can slow your systems down. While there were initial reports of performance hits up to 30 percent, benchmarks from Phoronix indicate that 5 to 10 percent seems more typical.
Meltdown and Spectre Impact:
Critical chip defects were uncovered on all modern processors that allow attackers to read computer kernel memory with low-privilege applications, a central part of the operating system that allows them to steal passwords, files, and security Other sensitive data keys.
What can I do to mitigate the risk?
First of all, be aware that problems in the ICS environment are crucial because unlicensed devices can not be protected. As a result, automated asset inventory tools are critical to understanding which devices are risky and require attention.
Next, in-depth understanding of the inventory is essential. Without this feature, you have only one list of industrial equipment that must be manually checked to see if their particular hardware module is affected.
Automated ICS inventory tools are also valuable for identifying vulnerable devices and tracking fixes.
Finally, in order to exploit these vulnerabilities, attackers need access to the network. This underscores the importance of establishing a network monitoring system that can identify anyone connected to the network as well as communicate with key assets or modify key assets.
The following table lists the available suggestions and patches. As patches and firmware updates continue to be released, be sure to contact your hardware and software vendor to confirm that the appropriate patches are applicable, as some updates may cause unexpected results.
NCCIC recommends using a test environment to validate each patch prior to implementation.
After patching, performance impact may vary, depending on usage. Administrators should ensure that the performance of key applications and services is monitored and, where possible, work with their suppliers and service providers to mitigate their impact.
In addition, users and administrators who rely on the cloud infrastructure should use CSPs to mitigate and mitigate any impact of host operating system patching and forced restarts.
The following table contains links to suggestions and patches posted in response to these vulnerabilities. This table will be updated as the information becomes available.
Intel asks customers to hold off Applying Patches for Spectre and Meltdown
Intel initially released patches for Spectre and Meltdown on Jan. 15 which covers 90% of the modern CPUs, but it results in higher system reboots after applying firmware updates. Most affected ones are the systems running Intel Broadwell and Haswell CPUs for both client and data center. Intel told now they have identified the root… Intel asks customers to hold off Applying Patches for Spectre and Meltdown
Intel testing fix for reboot issues caused by Spectre patch on older CPUs
If you were hit with reboots following Intel’s firmware patch for the Spectre flaw, a fix could be on the way soon. Not long after it started issuing firmware patches in response to the disclosure Meltdown and Spectre flaw, Intel acknowledged that some users were experiencing unwanted reboots seemingly caused by the fix…. Intel testing fix for reboot issues caused by Spectre patch on older CPUs
Intel Halts Spectre, Meltdown CPU Patches Over Unstable Code
Intel on Monday said that users should stop deploying patches for the “Spectre” and “Meltdown” chip vulnerabilities disclosed by researchers earlier this month, saying the patches could cause problems in affected devices, including higher than expected reboots and other “unpredictable” system behavior. read more… Intel Halts Spectre, Meltdown CPU Patches Over Unstable Code
Intel initially released patches for Spectre and Meltdown on Jan. 15 which covers 90% of the modern CPUs, but it results in higher system reboots after applying firmware updates. Most affected ones are the systems running Intel Broadwell and Haswell CPUs for both client and data center. Intel told now they have identified the root… Engaging post, Read More…