Community Manager

How are you handling Meltdown and Spectre?

Another day, another exploit. Or two. For now. News of Meltdown and Spectre is all around us...

Here are a few articles: 

Meltdown and Spectre: How chip hacks work - BBC

A Critical Intel Flaw Breaks Basic Security for Most Computers - WIRED

 

Meltdown and Spectre CPU Flaws Expose Modern Systems to Risk - eWeek

Critical Microprocessor Flaws Affect Nearly Every Machine - Dark Reading

 

So what are you - and your organization - doing to respond? Advice to share? Warnings?

 

Let us know! 

22 Replies
Community Champion

Re: How are you handling Meltdown and Spectre?

With respect to Meltdown and Spectre, I suggest a good source of notifications, updates and recommendations, which is regularly updated:

 

IBM X-Force Exchange. You can sign up for free and obtain notifications on important vulnerabilities as they develop regularly.

 

https://exchange.xforce.ibmcloud.com/collection/c422fb7c4f08a679812cf1190db15441

 

In terms of remediation, apply best practices for authorised patch management processes, and keep watching for updates.

 

 

 

 

 

 

Community Champion

Re: How are you handling Meltdown and Spectre?

Viewer

Re: How are you handling Meltdown and Spectre?

I came here asking the same question. We have a very large global company with multiple sites, not to mention acquired companies. Getting updates on all the BIOS might take a while for us, but I am going to suggest some steps that can be done. Anyway, I just want to know how others are handling this vulnerability.

Community Champion

Re: How are you handling Meltdown and Spectre?

I suggest you collate an inventory of all your vendors/suppliers and commence communicating with them directly. This will give you a pretty good idea of how proactive they are and also the timeline and quality of advice provided by each supplier.

 

I definitely recommend keeping an eye out for regular updates. If I find any further information, I will endeavour to post it for all and sundry.

Community Champion

Re: How are you handling Meltdown and Spectre?

 

Here is a nice graphic from Daniel Miessler that gives an overview of the threats.  "Must have code execution" limits exposure.  

 

Our vendor list is prepared and emails/phone calls will be made today to check on their exposure. 

 

We are alpha testing the Microsoft patches today.  

 

Also, we are tailoring some internal and external communications.  

 

Paul

 

Community Champion

Re: How are you handling Meltdown and Spectre?

Sorry, but I can't see the image.

 

Best regards,

Community Champion

Re: How are you handling Meltdown and Spectre?

Hackers would first need to install malicious software on your computer in order to take advantage of these flaws.

That means they need to select their targets and hack each one of them before running a sophisticated attack to steal a computer's sensitive information.

 

Consequently, we have to have strong computer security implemented and the malicious software will not enter your system...

Contributor II

Re: How are you handling Meltdown and Spectre?

The threat actor doesn't need to install malware on an endpoint to take advantage of the vulnerabilities. Functional JavaScript PoCs exist which exercise the bug. This means that the attack can be delivered via drive-by exploitation when a browser visits a site serving a malicious payload.

 

Firefox and Chrome JavaScript engines have been patched, so if you have the latest you should be fine. I'm not sure about other browsers/jscript engines. It is likely Microsoft and Apple have also taken necessary steps.

 

So, endpoints may have exposure to the issue in this fashion. Your own servers are likely fine, but anything in a multi-tenant, public cloud is another story as an attacker could get a VM instance on the same physical host as yours and if the hypervisor host is vulnerable, it can be a major issue in terms of disclosure.

 

-- wdf//CISSP, CSSLP