CISSP, ITILv3, Principal Security Architect
  • Security

As most of you are aware by now, researchers have discovered a set of critical vulnerabilities in CPU hardware, currently impacting the vast majority of devices in the wild. These devices include desktops, servers, mobiles devices and appliances, regardless of Operating System and whether they are located in the cloud or on premises.

As we gain a better understanding of SPECTRE and MELTDOWN and navigate the impact of potential exploitation, below are few proactive steps that can be taken to minimize risk since complete mitigation is not currently on the horizon. Staying up to date will be critical as things progress.

What we know.  At a high-level, there is an identified issue in the design and execution of the CPU chip kernel which could be exploited by an attacker and allow them to move laterally across the environment, potentially granting them unauthorized access to sensitive information.  Given this aspect of behavior, it is unlikely that this will be exploited directly, but rather as a “follow on” to a primary exploit—think malicious attachments, removable storage devices, etc. It is critical that all security technology including firewalls, intrusion systems, mail gateways, and endpoint protection are up to date with all required software, signatures, and firmware packages.

There are multiple repositories of open source intelligence dedicated to understanding these vulnerabilities from a very technical perspective, as well as some at a higher level. Below are a few: (updated on a regular basis for content)

https://arstechnica.com/gadgets/2018/01/heres-how-and-why-the-spectre-and-meltdown-patches-will-hurt-performance/

https://spectreattack.com/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

What can be done now. In a nutshell, the recommended course of action is to ensure that Operating Systems and appliance firmware across all technologies are patched and updated.  As manufacturers release these updates, it is critical that they are implemented in a timely manner.  That said, it is highly recommended to utilize best practice as it relates to patch management and ensure patches are tested prior to deploying across the enterprise.

Where to start. Asset management is key in accomplishing an enterprise wide vulnerability mitigation effort. Having 100% accountability for what is on your network and using that as a checklist will provide an action plan. Without a full understanding of what you have, accomplishing a holistic mitigation plan will be an uphill battle.  Once all assets are identified the next step will be to ensure patches are tested and deployed, followed by a Vulnerability Scan to ensure that the patches were successfully installed.

As discussed, the recommended approach is to ensure your environment is current on all patches and updates related to these vulnerabilities. If you have questions around your asset and vulnerability management, ePlus is ready to assist by doing an assessment of your current environment or simply offering guidance. 

**UPDATE** 2/1/18 –

Earlier this week Intel has advised to cease updates to their microcode due to unpredictable behavior such as reboots and performance, additionally Microsoft issued an out of band update that allows administrators to toggle on/off the speculative protection features of the bios without forcing rollback. They indicated this ability will available via registry settings and can be used on current and future microcode updates as Intel works towards release of a more stable patch.  Additionally, the security community has begun seeing Spectre/Meltdown exploit packages in the wild. As this behavior is expected to increase it is imperative to ensure that malware/exploit based detection and prevention systems (network & endpoint) are kept up to date with updates that will help detect and prevent these new attacks. Layered defenses remain the best means of protection as the industry works towards development and release of patches to combat this information disclosure vulnerability. 

Comments

Load more comments
Thank you for the comment! Your comment must be approved first
* Required
comment-avatar

Related Posts

Tags

Ready To Begin? Contact Us Today.

Request A Presentation