Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Meltdown and Spectre – it’s not over yet!
NextPrevious
meltdown spectre vulnerability

Meltdown and Spectre – it’s not over yet!

News, Vulnerabilities | 30 November, 2018 | 0

Meltdown and Spectre are a family of security attacks that operate at the hardware-level of modern processors. Some of the attack variants have supposedly been mitigated by microcode and BIOS patches issued by the processor vendors; however, new research published by Cornell University reveals several new attack vectors and the report suggests that the previously-issued fixes and patches may be less than effective.  These newly-identified vulnerabilities will be of particular interest to organisations that use cloud hosting, as they raise the possibility of an attacker or malware escaping from a virtual machine and being able to pivot an attack into other virtualised hosts and environments which are hosted on the same physical server.

Modern processors use a number of tricks in order to boost their performance, including executing instructions in parallel and even out of order.  This is done, for example, by using mechanisms that predict the likely outcome of decisions and perform the next step anyway. If the prediction is correct – the next instruction has already be executed and so time is saved, if the prediction is wrong then the predicted data is simply discarded and the correct next instruction is executed.  These types of instruction are known as ‘Transient Executions’ because where the results of wrong predictions are discarded (or rolled-back), they vanish – as if they had never happened.  Or at least that is the idea.

The root of the Meltdown and Spectre attack families is that the rolling-back of incorrect predictions is not fully effective and traces are left in elements of the CPU (such as the CPU cache), which can be examined and used to infer useful information.  This is because at the micro-architectural level in the CPU, some elements are shared across cores so a process running in CPU core 0 could access data left in the CPU cache by a process running in CPU core 1. Malware or an attacker can execute instructions within its own CPU core to make this much more likely.

It is worth remembering that ‘the cloud is just someone else’s server’ and to be secure we have to not only secure our virtual environment correctly but also trust the hosting provider has secured their network and server hardware to prevent malware or attacks being pivoted from one client’s system to another.

System Administrators responsible for in-house (private cloud virtualised environments) should consider carefully whether to separate Virtual Machines (VMs) onto different physical hosts based on their security risk, to avoid the risk of an Internet-facing VM being compromised and malware escaping the VM to attack another virtual machine hosted on the same hardware.  If you are using a hosting provider, you would be wise to check their plans and progress implementing available patches from the hardware vendors and also to research and apply future patches to the CPU and BIOS, given the findings from Cornell that many existing mitigations are not fully-effective against the vulnerabilities which cause Meltdown and Spectre attacks to be successful.

You can get more information on this article from the following link to the research paper:

A Systematic Evaluation of Transient Execution Attacks and Defenses

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
Meltdown, Spectre, vulnerability management

Related Post

  • Zombieload – a new class of Intel CPU vulnerability

    By Mark Faithfull

    A team including some of the researchers who discovered the Spectre and Meltdown vulnerabilities in AMD and Intel CPU announced a new class of vulnerability affecting Intel CPU which they called Zombieload. Like Spectre andRead more

  • SUDO bug allows privilege escalation

    By Mark Faithfull

    A bug has been found in the SUDO command which can allow an attacker to gain root privilege on Linux and Unix systems, even for users that do not have permission to run SUDO. SUDORead more

  • Cisco patches critical switch flaws

    By Mark Faithfull

    Several critical switch vulnerabilities that could allow an attacker to break network segmentation have been patched by Cisco. Dubbed CDPwn by the researchers at Armis who discovered the flaws, the vulnerabilities exists in a LevelRead more

  • Ragnarok ransomware exploits Citrix vulnerability

    By Mark Faithfull

    Ragnarok ransomware is leveraging unpatched Citrix ADC servers and Windows computers to attack its victims. Citrix have now released a patch for CVE-2019-19781 and made it available to all clients – regardless of the status ofRead more

  • Infrastructure Patching Problems

    By Mark Faithfull

    In recent years the main vendors of the operating systems and databases that run our businesses, schools and governments have made significant strides to provide a reliable stream of patches and upgrades which are easyRead more

NextPrevious

Recent Posts

  • SUDO bug allows privilege escalation
  • Hue smart bulb RCE vulnerability patched
  • Cisco patches critical switch flaws
  • Ragnarok ransomware exploits Citrix vulnerability
  • Infrastructure Patching Problems

Tags

blockchain Bluetooth Chrome Cisco credential stuffing CREST cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft OAuth patching PDF penetration testing phishing ransomware RDP Row Hammer security breach security testing SIEM Spectre supply chain attacks Sysinternals TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more