Best Practices Against The New “Spectre” And “Meltdown” Cyberthreats

The cybersecurity threats “Spectre” and “Meltdown” were first discovered in January of this year as vulnerabilities that allowed attackers to gain access to sensitive information on computers using modern Intel, AMD, or ARM CPUs. The name “Spectre” covers Variants 1 and 2 of the vulnerability, while “Meltdown” describes Variant 3. Although these original threats have since been addressed by security updates, new versions dubbed Variant 3a and Variant 4 were discovered on May 21st, 2018. Like the original threats, these new iterations allow attackers to access personal information stored on vulnerable systems.

CPU and Operating System (OS) developers are currently working on further security updates, to be released in the following weeks, that address these new threats. In the meantime, here are some best practices that can help protect your computer while official updates are developed:

First, ensure that your computers are running the latest security updates developed against Variants 1, 2, and 3. In particular, Intel has stated that updates which were developed to defend against Variant 1 web-browser exploitation are also effective in combatting Variant 4. However, it is also important to stay vigilant for new security updates. The US Computer Emergency Readiness Team has stressed that the January/February Microsoft updates against “Spectre” and “Meltdown” still contained a vulnerability that could allow attackers to gain full control of a computer by editing kernel memory.

Second, regularly check for new microcode updates from your computer’s operating system, motherboard, or server providers. Furthermore, after applying new security updates, the National Cybersecurity and Communications Integration Center suggests reporting any abnormal behavior on your computer to the update developer, as the effectiveness of updates can vary depending on users’ specific system configurations.
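
One way to carry out both checks on a Linux machine, as an added example that is not part of the original article: the script reads the mitigation status the kernel reports for Variants 1, 2, 3 and 4 and lists the loaded microcode revisions. It assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities/` and an x86 `/proc/cpuinfo`; the function names are illustrative, and Variant 3a has no status file because it is addressed by microcode alone.

```python
"""Report the Linux kernel's mitigation status for the Spectre/Meltdown variants."""
import sys
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Variant named in the article -> status file the kernel exposes for it.
# Variant 3a (CVE-2018-3640) has no sysfs entry; check the microcode revision instead.
VARIANT_FILES = {
    "Variant 1 (Spectre)": "spectre_v1",
    "Variant 2 (Spectre)": "spectre_v2",
    "Variant 3 (Meltdown)": "meltdown",
    "Variant 4 (CVE-2018-3639)": "spec_store_bypass",
}

def classify(status):
    """Map one sysfs status line to OK / VULNERABLE / UNKNOWN."""
    if status is None:
        return "UNKNOWN"  # file missing: this kernel predates the fix for the variant
    if status.startswith(("Not affected", "Mitigation")):
        return "OK"
    return "VULNERABLE" if status.startswith("Vulnerable") else "UNKNOWN"

def audit(sysfs_dir=SYSFS_DIR):
    """Return {variant: (verdict, raw status text or None)}."""
    report = {}
    for variant, name in VARIANT_FILES.items():
        path = Path(sysfs_dir) / name
        status = path.read_text().strip() if path.is_file() else None
        report[variant] = (classify(status), status)
    return report

def microcode_revisions(cpuinfo_text):
    """Return the set of microcode revisions found in /proc/cpuinfo text."""
    return {line.split(":", 1)[1].strip()
            for line in cpuinfo_text.splitlines()
            if line.startswith("microcode")}

if __name__ == "__main__":
    results = audit()
    for variant, (verdict, status) in results.items():
        print(f"{verdict:<10} {variant}: {status or 'not reported by this kernel'}")
    cpuinfo = Path("/proc/cpuinfo")
    if cpuinfo.is_file():
        revs = sorted(microcode_revisions(cpuinfo.read_text()))
        print("microcode:", ", ".join(revs) or "n/a")
    # Non-zero exit lets a scheduled job flag hosts that still need updates.
    sys.exit(0 if all(v == "OK" for v, _ in results.values()) else 1)
```

An `UNKNOWN` verdict for Variant 4 means the kernel is too old to report on it and should be updated; compare the printed microcode revision with the one your CPU or system vendor publishes.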


The “Meltdown” and “Spectre” Cybersecurity Threats

Originally revealed in January 2018, the cybersecurity threats “Meltdown” and “Spectre” allowed attackers to bypass security measures and access CPU data on many computers containing CPUs from Intel, AMD, or ARM. Since their discovery, security updates combatting the vulnerabilities have been released by both CPU developers and OS providers such as Intel and Microsoft. However, on May 21st, two new versions of the security threats were discovered by both Google Project Zero (GPZ) and the Microsoft Security Response Center (MSRC). Like the original vulnerabilities, these threats allow hackers to access personal information on computers containing Intel, AMD, or ARM CPUs.

The first of these threats is officially known as “CVE-2018-3640”, “Variant 3a”, or “Rogue System Register Read (RSRR)”. By exploiting this vulnerability, an individual can gain access to personal information by speculatively reading system parameters through side-channel analysis. The second threat has been named “CVE-2018-3639”, “Variant 4”, or “Speculative Store Bypass Disable (SSBD)”. This vulnerability allows an individual to access old memory values in a CPU, allowing attackers to acquire sensitive information. This is possible because remnant data is stored within the CPU stack despite the processor constantly updating old information.

Intel, AMD, and ARM have all released statements outlining their strategies for combatting the new threats, and what consumers can do to protect themselves. Intel has reportedly distributed new beta security updates to various OS developers, which it states are working to develop production versions to be released in the following weeks. AMD suggests consulting the OS provider specific to your system for steps to protect yourself against these new vulnerabilities. Finally, ARM has stated that the impact of these new threats is less widespread among their CPUs. Therefore, no further action against RSRR is required for Linux systems, and SSBD can be combatted by “disabling a hardware feature (memory disambiguation) at boot via an implementation-defined control register.” To address the threats on systems not running Linux, ARM suggests that “Memory disambiguation should be disabled at boot by setting the relevant control register bit”.
