As you would have heard the news yesterday, design flaws in Intel, AMD and ARM processors made headlines and pushed Microsoft, Intel and others to quickly address the growing security concerns. Microsoft was one of the first to act and yesterday released an emergency update with kernel fixes to protect Windows users from the security flaw, highlighting that the security exploit is serious but hasn’t been actually used for now.
This “chipgate” is actually about not one but two critical vulnerabilities in modern processors called Meltdown and Spectre. The Graz University of Technology, which contributed to these two discoveries has published a dedicated website with lots of information on the security flaws.
In summary, here’s what you need to know about Meltdown and Spectre:
“Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”
What, Can I Do?
We currently know that almost every Intel processor released since 1995 is potentially affected by Meltdown, but it’s still unclear so far if ARM and AMD processors are vulnerable. As for Spectre, which is harder to exploit than Meltdown but also harder to mitigate (there is still no fix for it), it affects all modern Intel, AMD and ARM processors.
The security patch that Microsoft released yesterday is just for Meltdown, and it also includes some specific fixes for Microsoft Edge and Internet Explorer 11. You should install this emergency update as soon as possible and IT admins should ensure their machines are receiving this update since anti-virus software may block the installation of the patch. More here on this page.
- Microsoft was very quick to respond as per above
- Apple – at time of writing, is yet to detail its plans to address the security flaws.
- Intel has explained in a press release that it has “begun providing software and firmware updates to mitigate these exploits.” They have also released a detection tool that can tell you if your device needs a firmware update for additional hardware protection.
Written by CSO, Rob Quickenden, like Rob’s content? You can connect with him here.