Meltdown and Spectre: two pretty little names given to the two biggest flaws in the history of computing… These flaws affect the hardware, namely the processors, and the impact is enormous because almost every processor-based machine in the world is affected! Basically, whether it’s Intel, AMD or ARM, the processors are vulnerable… And it has been going on for more than ten years. I can already see the conspiracy theorists saying the NSA has known about this since before Christ 🙂
Concretely, what is happening?
It was Google’s security research team, Project Zero, that discovered the flaws in question. It is actually a design error in the memory handling of processors manufactured by Intel over the last ten years. It would thus be possible, by various processes that are a priori rather complex to implement, to access the processor’s buffer memory in order to read the data coming from applications in plain text.
Meltdown breaks the isolation between the memory used by the user’s applications and that used by the operating system (whether Windows or Linux). It would thus be possible to access a great deal of secret data such as passwords, encryption keys, VPN keys, personal information… which are stored in memory and theoretically inaccessible. “Wow, that’s rough,” you’re going to tell me; yes it’s rough, but it is the less bad of the two flaws! Indeed, it can be patched at the level of the operating system and of the way the latter uses the processor’s buffer memory. As you will have understood, CVE-2017-5754, codename Meltdown, therefore acts at the level of the operating system by breaking the isolation between the OS and the user’s apps, thus revealing data that can be ultra sensitive.
Spectre, on the other hand, is much more problematic: it breaks the isolation between the applications themselves and therefore acts at a lower level. It would seem that it is much more difficult to implement, but the thing is that it allows any program (including your antivirus) to be deceived into giving up its secret information stored in memory. We can therefore imagine that it is possible to recover your VPN key, or your interactions with a site such as passwords, credit card numbers, etc.
It will then be necessary to act and patch at the level of the OS (Windows, Linux, Apple), of the applications (Chrome, Firefox, VPN client, etc.), but also at the level of your hardware’s firmware, such as the BIOS for example. Contact your manufacturer for information.
The problem in all of this is that all these patches will slow down your machines, and a priori not just a little. We are talking about performance drops of 5 to 30%! If we think about it, it’s quite logical, because to patch we will modify the way memory is addressed by the operating system, by its peripherals and by its applications. Since we will be forced to isolate the OS kernel at a memory address other than the one used by the hardware, we will force the processor to flush its cache much more often in order to separate the instructions relating to the hardware from those relating to the OS.
Who is affected?
Simply put, everyone! Your personal computer, your phone (hey yes, ARM inside), your office computer, company servers, etc. etc… yes, it’s a big mess…
Many new examples have emerged regarding the security patch for the Meltdown vulnerability.
CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown): both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos, are found to be vulnerable.
PulseSecure has developed a workaround for the affected platforms, which include Windows 10 and Windows 8.1 but not Windows 7.
Sandboxie released an updated client to fix compatibility issues with an emergency patch from Microsoft, as explained here. We asked Sophos for their opinion.
Before Patching Windows:
Microsoft’s patch package released last Wednesday (January 3rd) appears to be crashing some PCs with AMD chips.
Problems like this leave system administrators (and to a lesser extent consumers) in the dark. The critical Meltdown and Spectre vulnerabilities recently found in Intel and other CPUs pose a significant security risk. Because the flaws are in the underlying architecture of the system, they will have an exceptionally long lifespan. Indeed, patching the entire worldwide installed base will take a long time and require enormous effort. On top of that, the patches currently being distributed in an emergency cause, as we are seeing, some machine freezes, but also performance losses ranging from 5 to 30% depending on the system!
So the “patching” of all this mess is necessary but complicated, because antivirus products, for example, must be adjusted before Microsoft’s patches can be applied, see here.
The antivirus compatibility registry key must be set and up to date so that Windows Update can deliver the January updates or future security updates. Antivirus software requires low-level access to the machine it runs on, so adjustments must be made to account for the memory management changes that come with the Meltdown and Spectre patches, or a crash is certain, warned Microsoft.
A Redmond support article states that “customers will not receive the January 2018 Security Updates (or any security updates) and will not be protected against security vulnerabilities unless their antivirus software vendor sets a particular registry key.” Yes, you read that right (sorry)….
Well, we tell ourselves that it’s really hot and tense, but don’t worry, it is all well documented! Kevin Beaumont, cybersecurity vulnerability manager, has put together a Windows antivirus patch compatibility spreadsheet. So, to know whether you can patch Windows, and first of all whether your antivirus has itself been patched, you can find here the list of antivirus vendors that have already set their registry key for the Windows patch for CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown).
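Before running Windows Update on a fleet, an administrator will want to check that the antivirus compatibility value described above is actually present on each host. The script below is an added example, not code from the original post or from Microsoft; it only reads the registry and reports. The key path and value name it uses are the ones Microsoft published in its January 2018 antivirus guidance (KB4072699), which this article does not reproduce, so verify them against the current KB text before relying on the script.

```powershell
# Added example (not from the original article): read-only pre-flight check
# for the antivirus compatibility registry value that gates the January 2018
# Meltdown/Spectre updates. The default path and value name below are taken
# from Microsoft's KB4072699 guidance, not from this article; confirm them
# against the current KB before use.
function Test-MeltdownAvCompatKey {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
        [string]$ValueName = 'cadca5fe-e4a4-4d3a-b3cb-7ec4a3dd2b3c'
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        KeyPresent   = Test-Path -Path $KeyPath
        ValuePresent = $false
        Data         = $null
        ReadyToPatch = $false
    }

    if ($result.KeyPresent) {
        $item = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
        if ($null -ne $item -and ($item.PSObject.Properties.Name -contains $ValueName)) {
            $result.ValuePresent = $true
            $result.Data         = $item.$ValueName
            # Microsoft documents the value as REG_DWORD 0x00000000;
            # anything else is treated as "not ready" so it gets looked at.
            $result.ReadyToPatch = ($result.Data -eq 0)
        }
    }
    return [pscustomobject]$result
}

# Usage: run on the host being assessed, before approving the update.
$status = Test-MeltdownAvCompatKey
if ($status.ReadyToPatch) {
    Write-Host "AV compatibility value present: Windows Update can offer the Meltdown/Spectre updates."
} else {
    Write-Host "AV compatibility value missing or unexpected: check with your antivirus vendor before patching."
}
$status | Format-List
```

The script deliberately does not create the value itself: the point of the key is that the antivirus vendor asserts compatibility with the new memory-management behaviour, so setting it by hand on a host whose antivirus has not been updated simply reintroduces the crash risk the article describes. For Linux hosts the equivalent check is the vendor patch table linked below rather than a registry value.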
EDIT January 10, 2018:
To complete this article, here is a table of patches by OS, from OVH: https://docs.ovh.com/fr/dedicated/information-about-meltdown-spectre-vulnerability-fixes/?utm_content=buffer19764&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
Here is also the link to CERT-FR, the French government centre for monitoring, alerting and responding to computer attacks: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2018-ALE-001/ There you can see CERT-FR’s PoC with the Meltdown code… proving that the script exists and that it works…