Kaity
Community Manager

How are you handling Meltdown and Spectre?

Another day, another exploit. Or two. For now. News of Meltdown and Spectre is all around us...

Here are a few articles:

Meltdown and Spectre: How chip hacks work - BBC

A Critical Intel Flaw Breaks Basic Security for Most Computers - WIRED

Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk - eWeek

Critical Microprocessor Flaws Affect Nearly Every Machine - Dark Reading

So what are you - and your organization - doing to respond? Advice to share? Warnings?

Let us know!

22 Replies
Caute_cautim
Community Champion

With respect to Meltdown and Spectre, I suggest a good source of notifications, updates and recommendations, which is regularly updated, is:

IBM X-Force Exchange; you can sign up free and obtain notifications on important vulnerabilities as they develop regularly.

https://exchange.xforce.ibmcloud.com/collection/c422fb7c4f08a679812cf1190db15441

In terms of remediation, apply best practices for authorised patch management processes, and keep watching for updates.

D4rk_sp1d3r
Viewer II

I went here asking the same question. We have a very large global company with multiple sites not to mention acquired companies. Getting updates on all the bios might take a while for us but I am going to suggest on some steps that can be done. Anyway, just want to know how others are handling this vulnerability.

Caute_cautim
Community Champion

I suggest you collate an inventory of all your vendors/suppliers and commence communicating with them directly. This will give you a pretty good idea of how proactive they are and also the timeline and quality of advice provided by each supplier.

I definitely recommend keeping an eye out for regular updates. If I find any further information, I will endeavour to post it for all and sundry.

Radioteacher
Community Champion

Here is a nice graphic from Daniel Miessler that gives an overview of the threats. "Must have code execution" limits exposure.

Our vendor list is prepared and emails/phone calls will be made today to check on their exposure.

We are alpha testing the Microsoft patches today.

Also, we are tailoring some internal and external communications.

Paul

leroux
Community Champion

Sorry, but I can't see the image.

Best regards,

leroux
Community Champion

Hackers would first need to install malicious software on your computer in order to take advantage of these flaws.

That means they need to select their targets and hack each one of them before running a sophisticated attack to steal a computer's sensitive information.

Consequently, we have to have strong computer security implemented and the malicious software will not enter your system...

Badfilemagic
Contributor II

The threat actor doesn't need to install malware on an endpoint to take advantage of the vulnerabilities. Functional JavaScript PoCs exist which exercise the bug. This means that the attack can be delivered via drive-by exploitation when a browser visits a site serving a malicious payload.

Firefox and Chrome JavaScript engines have been patched, so if you have the latest you should be fine. I'm not sure about other browsers/jscript engines. It is likely Microsoft and Apple have also taken necessary steps.

So, endpoints may have exposure to the issue in this fashion. Your own servers are likely fine, but anything in a multi-tenant, public cloud is another story, as an attacker could get a VM instance on the same physical host as yours, and if the hypervisor host is vulnerable, it can be a major issue in terms of disclosure.

-- wdf//CISSP, CSSLP
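Two points in this thread call for a verification step: Caute_cautim's advice to apply patches and keep watching for updates, and Badfilemagic's note that your own servers are "likely fine". Neither tells you whether a given host actually ended up mitigated. The script below is an added example written for this thread, not code from any poster; it reads the kernel's own mitigation report, which Linux 4.15 and later publish as one file per issue under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2), and turns it into a per-host verdict plus an exit code that a fleet-inventory job can collect. The SAMPLE_* dictionaries are constructed to resemble that output; the exact detail strings vary by kernel version and CPU. The edge cases it handles are a "Vulnerable: ..." line (the kernel saying a mitigation is only partial) and a host whose kernel predates the interface altogether.

```python
"""Report the kernel's own view of Meltdown/Spectre mitigation status.

Since Linux 4.15 the kernel exposes one file per issue under
/sys/devices/system/cpu/vulnerabilities/ (for example meltdown,
spectre_v1, spectre_v2). Each file holds a single line of the form
"Not affected", "Vulnerable", "Vulnerable: <detail>" or
"Mitigation: <detail>". Sweeping these files across a fleet is one way
to confirm that the patches actually took effect on each host.
"""
from pathlib import Path
import sys

SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample output modelled on the kernel's format (assumed
# values for illustration; real detail strings differ by kernel and CPU).
SAMPLE_UNPATCHED = {
    "meltdown": "Vulnerable\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
}
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}


def classify(status_line):
    """Reduce one sysfs status line to a coarse verdict.

    A line such as "Vulnerable: Minimal generic ASM retpoline" still
    starts with "Vulnerable": the kernel is saying the mitigation is
    incomplete, so it must not be counted as mitigated.
    """
    text = status_line.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # unrecognised format: flag it for a human to look at


def summarise(statuses):
    """Map {issue_name: raw status line} to {issue_name: verdict}."""
    return {name: classify(line) for name, line in statuses.items()}


def needs_attention(statuses):
    """Names of issues reported vulnerable or that could not be parsed."""
    return sorted(name for name, verdict in summarise(statuses).items()
                  if verdict in ("vulnerable", "unknown"))


def read_sysfs(vuln_dir=SYSFS_VULN_DIR):
    """Read the live sysfs files; None if the kernel predates the interface.

    A missing directory is itself a finding: a kernel that old carries none
    of the mitigations, so the host should be treated as unpatched.
    """
    if not vuln_dir.is_dir():
        return None
    return {p.name: p.read_text()
            for p in sorted(vuln_dir.iterdir()) if p.is_file()}


def host_report(statuses):
    """Human-readable lines plus an exit code (0 clean, 1 needs attention)."""
    if statuses is None:
        msg = "no sysfs vulnerability interface: kernel too old, treat as unpatched"
        return [msg], 1
    lines = []
    for name, raw in sorted(statuses.items()):
        lines.append(f"{name:12s} {classify(raw):12s} {raw.strip()}")
    return lines, (1 if needs_attention(statuses) else 0)


if __name__ == "__main__":
    # Run on the host itself; the exit code lets a scheduler or inventory
    # job record which machines still need work without parsing the text.
    report_lines, code = host_report(read_sysfs())
    print("\n".join(report_lines))
    sys.exit(code)
```

Run it on each Linux host (or wrap it in whatever remote-execution tool you already use) and collect the exit codes; a non-zero result means the host is either reporting a vulnerable state or is too old to report at all, and either way belongs on the follow-up list. The same idea applies to Windows hosts through Microsoft's SpeculationControl PowerShell module, which this script does not cover.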