As most of you are aware by now, researchers have discovered a set of critical vulnerabilities in CPU hardware, currently impacting the vast majority of devices in the wild. These devices include desktops, servers, mobiles devices and appliances, regardless of Operating System and whether they are located in the cloud or on premises.
As we gain a better understanding of SPECTRE and MELTDOWN and navigate the impact of potential exploitation, below are few proactive steps that can be taken to minimize risk since complete mitigation is not currently on the horizon. Staying up to date will be critical as things progress.
What we know. At a high-level, there is an identified issue in the design and execution of the CPU chip kernel which could be exploited by an attacker and allow them to move laterally across the environment, potentially granting them unauthorized access to sensitive information. Given this aspect of behavior, it is unlikely that this will be exploited directly, but rather as a “follow on” to a primary exploit—think malicious attachments, removable storage devices, etc. It is critical that all security technology including firewalls, intrusion systems, mail gateways, and endpoint protection are up to date with all required software, signatures, and firmware packages.
There are multiple repositories of open source intelligence dedicated to understanding these vulnerabilities from a very technical perspective, as well as some at a higher level. Below are a few: (updated on a regular basis for content)
What can be done now. In a nutshell, the recommended course of action is to ensure that Operating Systems and appliance firmware across all technologies are patched and updated. As manufacturers release these updates, it is critical that they are implemented in a timely manner. That said, it is highly recommended to utilize best practice as it relates to patch management and ensure patches are tested prior to deploying across the enterprise.
Where to start. Asset management is key in accomplishing an enterprise wide vulnerability mitigation effort. Having 100% accountability for what is on your network and using that as a checklist will provide an action plan. Without a full understanding of what you have, accomplishing a holistic mitigation plan will be an uphill battle. Once all assets are identified the next step will be to ensure patches are tested and deployed, followed by a Vulnerability Scan to ensure that the patches were successfully installed.
As discussed, the recommended approach is to ensure your environment is current on all patches and updates related to these vulnerabilities. If you have questions around your asset and vulnerability management, ePlus is ready to assist by doing an assessment of your current environment or simply offering guidance.