This latest vulnerability has caused a huge concern for the IT industry in particular. Though the risk (when successfully exploited) is immense, the potential and possibility to exploit these vulnerabilities is not as simple/easy as it is perceived, for following basic reasons:
- Both of these attacks (Meltdown and Spectre) are local attacks which means the vulnerability can’t be exploited just because the devices are connected to the network. It requires someone with an authorized access to the system (a legitimate but lower privilege) to exploit this vulnerability.
- It’s closely similar to Privilege escalation attack which essentially allows an intruder to do bad stuff on a system that he already has access to (albeit only after manipulating to gain higher level access)
- Both of these attacks are READ-ONLY which means the possibility of forcing code execution in virtual machine, OS kernel or other programs, is bleak.
Some basic suggestions to Mitigate -
- Apply the patches (BIOS and OS)
- Harden & Isolate the the system/processes as best as possible.
- Deploy Defense in Depth (aka Layered Security architecture)
- Encrypt the files as needed
- Strong Password with Salting protection