By Polar Systems
Two new processor security flaws have recently been identified. These flaws appear to affect nearly every computer produced within the last 20 years. The flaws are named “Meltdown” and “Spectre”. Meltdown only affects Intel processors while Spectre affects Intel, AMD and ARM processors. The vulnerabilities allow the attacker to access privileged memory of the processor and gain access to key strokes, passwords, etc. It is possible that privileged memory access can be accomplished through web browsers. At this point we’re not aware of any real-world examples where this vulnerability has been exploited.
Microsoft, Google, Mozilla and others have been busy updating their browsers. Microsoft has also rolled out a patch for Windows 10, but it won’t install on many systems because of some technical compatibility issues with anti-virus engines which apparently can cause the computer to generate a “blue screen” error. We also know other operating system and anti-virus vendors are simultaneously working on fixes for their products.
For additional security, Intel is working on a hardware firmware update. Researchers are speculating that this update will cause systems to run about 33% slower to resolve the root cause. We’ve also seen claims indicating the only “true” fix for this vulnerability is CPU replacement, though in our opinion, this doesn’t seem to be a viable solution. We’re hopeful the operating system, browser and anti-virus software updates will significantly reduce or eliminate the chances of the exploitation of the vulnerability.
Polar Systems is monitoring the situation as it continues to develop. We will send out additional notifications as updates and patches become available, and the stability of which have been confirmed.
Contact us Today! 503-775-4410 or email us at email@example.com answer any additional questions you may have.
For additional information, please see links below:
https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html(link is external)
https://spectreattack.com/spectre.pdf(link is external)