First identified on January 3, 2018, Spectre and Meltdown refer to two security vulnerabilities affecting almost all modern processors. Although the vulnerabilities were discovered at the same time and are often referred to together, they are two different things:
Spectre works by exploiting a modern processor function known as “speculative execution.” This performance-optimization technique works by carrying out computing tasks that are likely to be required but have not been explicitly ordered by the application. In other words, it allows the machine to use spare processing power to perform tasks in advance. Spectre can exploit this function to steal sensitive data.
Meltdown affects all Intel x86 and IBM Power processors as well as some processors commonly used for mobile devices. It bypasses security controls to access data held in memory, which can also allow a hacker access to confidential data.
What makes the Spectre and Meltdown vulnerabilities so severe is that they affect virtually every modern computer, including data centers and servers, used by cloud providers. Furthermore, because they directly exploit hardware vulnerabilities rather than software, they cannot be patched in the traditional sense other than by providing a workaround. Attacks don’t leave any traces on the computer either, so antivirus software is unlikely to help.
Although Intel has stated that its next generation of microprocessors, to be launched later this year, will be redesigned to protect against the vulnerabilities, it’s important to act immediately.
First, you’ll want to determine whether your machines are still vulnerable. If any computer is older than five years old and running a dated operating system, then chances are it’s still vulnerable. Fortunately, there has been no evidence of a successful attack thus far, but that could change at any moment.
Update Your Systems
Almost as soon as the vulnerabilities were uncovered, major software and hardware manufacturers were quick to launch fixes. However, some of these work by disabling speculative execution, which can affect overall computer performance. Unfortunately, there’s not much you can do about this until the next generation of processors has been released, which should be protected on a hardware level.
The first thing to do is ensure that your operating systems are up to date. Computers running Windows were the hardest hit, regardless of whether they are powered by AMD or Intel processors. Fortunately, Microsoft released an update for Windows 10 just days after the news was revealed. While Windows 10 should keep itself up to date, those running older operating systems, such as Windows 7, may need to manually update their machines. The same applies to other operating systems, such as macOS, Linux, and ChromeOS.
Since Meltdown and Spectre operate on a hardware level, updating the operating system will protect your computer only during everyday use. However, attacks could also be carried out via the computer’s BIOS. For this reason, you’ll want to ensure all your devices are patched with the latest firmware provided by the manufacturer of the machine or motherboard.
Chances are, if your device is relatively new, there should be a fix available. However, if your hardware has reached the end of its lifecycle, it’s likely that there will never be a firmware patch available for it. If that’s the case, you should retire the device as soon as possible to protect yourself not just from Spectre and Meltdown, but also a multitude of other possible threats.
Finally, you’ll also want to keep your browser up to date, since that’s where you’ll most likely be attacked. For further protection, consider using site isolation, which is a feature in Google Chrome that allows each webpage to run in its own process, thereby reducing the potential attack surface.
While the initial revelations of Spectre and Meltdown might sound dire, it’s important to remember that patching the vulnerabilities is now well underway, and there have yet to be any known successful attacks exploiting the vulnerabilities. One way to stay at the cutting edge is to migrate to the cloud, and have an external provider take care of security for you. That’s what we do at SpectrumWise. Call us today to learn more.