Another day, another exploit. Or two. For now. News of Meltdown and Spectre is all around us...
Here are a few articles:
So what are you - and your organization - doing to respond? Advice to share? Warnings?
Let us know!
Opinions are my own and not my employer
Would BIOS lock and Micro segmentation using VMware NSX work to isolate this threat (and future ones)
The National Institute of Standards and Technology (NIST) Special publication on BIOS protection guidelines stated the following:
Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization
BIOS locking and microsegmentation address other threats, not these.
These have to do separation of memory protection rings where, due to various performance optimizations in hardware and at the OS level, data can leak between boundaries (userland process gaining state knowledge of kernel-space memory, or one user process able to gain state knowledge of memory in a process running in a different context on the same os instance).
Microsegementation really addresses network traversal and lateral movement issues, particularly inside virtual environments. BIOS locking is important and you should do it, but isn't going to help you here.
Apply your OS patches and any firmware/microcode updates as may be appropriate; newer Intel processors which use PCID in the context switches shouldn't have the major (30%) performance impact that will be caused by KAISER-type mitigations (unmapping user virtual address space from TLB on entry to system call, then unmapping kernel virtual address space when leaving and returning to the userland process's execution context). Allegedly newer Intel processors should only have a 5% hit there, more or less, and depending on workload. AMD processor are allegedly not vulnerable to "Meltdown" because they made the sane choice of actually checking security context before going down the predictive execution rabbit hole.
I spent a good bit of time last year digging through FreeBSD kernel code, writing some, and having to get some major refreshers on "how computers work" at the low level, so the pump was primed to follow this issue with great interest 🙂
These are 2018 vulnerabilities. Thanks for sharing this. This is a hot topic because it is new, recent and hot. Installing latest patches, using a good security solution, security awareness and avoiding insecure website are among the security tips that I recommend