RSS Feed
News
Jan
9
Vulnerabilities: Spectre & Meltdown - Nexus Technologies
Posted by Muslim KHAN on 09 January 2018 03:17 PM

Vulnerabilities: Meltdown and Spectre

Vulnerabilities have recently been discovered for Intel, AMD and ARM processors. These vulnerabilities could allow unauthorized individual to access sensitive data.

Meltdown and Spectre are two recently uncovered flaws that can create issues in a variety of mainstream computer processors; Intel, AMD, and ARM all have experienced concerns relating to Meltdown and Spectre. Additionally, major technology manufacturers, like Apple and Microsoft, have expressed concerns over the potential vulnerability. The issue revolves around speculative execution, which is how modern computer processors maximize performance.

Responses from Manufacturers

The three biggest processor manufacturers affected by Meltdown and Spectre, Intel, ARM, and AMD, have each come out with responses to these vulnerabilities. While each of these companies is experiencing issues, Intel is affected by the largest amount of processors being impacted.

Being hit with the most affected processors, Intel’s response to Meltdown and Spectre was anticipated highly, since processors from the last decade (or more) may be affected by these vulnerabilities. Initial statements from Intel were a bit broad, sweeping over the true issues and merely acknowledging that they exist.

However, Intel has since come out with a whitepaper addressing mitigation techniques to be used when safeguarding against Spectre vulnerabilities. Additionally, there are already mitigation factors being implemented for future Intel-based chips, reducing the potential of this exploit being used on newer chips.

AMD has also released a statement, addressing the belief that their chips are not as susceptible to the vulnerabilities as other chip manufacturers. About a week before the announcement regarding Meltdown and Spectre occurred, there was an attempt by AMD to keep the information private until patches had been released. Additionally, at the end of 2017, a patch was released that excluded many AMD chips from Meltdown, which gives the suggestion that AMD was aware of the vulnerability.

ARM, compared to Intel and AMD, approached the vulnerability and creating a response in a different way. Avoiding public relations announcements, ARM released a technically sound whitepaper, which addressed concerns about patches for Meltdown and safeguarding against array attacks; ARM provided samples showing how to guard against these attacks as well. Although ARM is not currently developing a solution for Spectre, they do state their chips have existing systems that help invalidate or temporarily disable branch predictors

Fixes
Here is a list of update procedures for some of the most popular operating systems:

- Windows Server
- Ubuntu
- CentOS
- Debian

Official CVE report
- CVE-2017-5754
- CVE-2017-5753
- CVE-2017-5715

If you wish to get more information on the current situation, you can visit the official responses from each respective vendor:

Intel     

AMD 

ARM

Our team is closely monitoring the situation to provide a solution as quickly as possible.

----

Regards,

Nexus Support

Helpdesk Support: https://www.nexus.pk/support/

Email: support@nexus.pk | sales@nexus.pk | UAN 0300-0341140