QUALYS, INC. Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google Project Zero. These vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715). Organizations should inventory their systems by processor type, apply vendor patches as they become available, and track their progress. This article describes how Qualys can help in all three areas.
Overview
Meltdown allows any application to access all system memory, including memory allocated for the kernel. Mitigation for this vulnerability will require operating system patches and potentially firmware updates. Patches for this vulnerability may have a performance impact on systems. So far, only Intel chips have been shown to be vulnerable.
Spectre allows an application to force another application to access arbitrary portions of its memory, which can then be read through a side channel. This vulnerability may require changes to processor architecture in order to fully mitigate. According to Google Project Zero, this vulnerability impacts Intel, AMD, and ARM chips.
Mitigations
Microsoft has issued a patch for Windows 10, while other versions of Windows will be patched on the traditional Patch Tuesday on January 9, 2018.
MacOS 10.13.2 mitigates some of the disclosed vulnerabilities, but MacOS 10.13.3 will enhance or complete these mitigations.
Processor vendor links:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://www.amd.com/en/corporate/speculative-execution
https://developer.arm.com/support/security-update
Other software vendor patches:
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
Customers with Qualys Vulnerability Management
Qualys will release QIDs for any vendor patches that mitigate this vulnerability and will update this blog accordingly.
To determine processor type, you can search the results of these QIDs:
- QID 43113 : Processor Information for Windows Target System
- QID 43110 : Apple Macintosh Processor Architecture
- QID 115048 : Processor Information for Unix Target
- QID 45177 : Processor Information for Solaris Target
The Qualys Cloud Agent can be used to determine processor types by searching with AssetView on the processors.description field like this:
processors.description:intel or processors.description:amdThe results can also be grouped by processor type:
Get Started Now
To start detecting and protecting against critical vulnerabilities, get a Qualys Suite trial. All features described in this article are available in the trial.
Qualys Inc. published this content on 03 January 2018 and is solely responsible for the information contained herein.
Distributed by Public, unedited and unaltered, on 04 January 2018 02:29:10 UTC.
Original documenthttps://blog.qualys.com/securitylabs/2018/01/03/processor-vulnerabilities-meltdown-and-spectre
Public permalinkhttp://www.publicnow.com/view/C6B0CC1F98DFEB49CB0E22432CF421489B544E24
