Excerpted from Cylance Blog, January 4, 2018
Chip manufacturers have acknowledged a set of vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) that are exploitable at the hardware architecture level, leaving multiple operating systems impacted, including Microsoft Windows, Apple macOS, and various Linux distributions.
• Microsoft issued a patch out-of-band before vendors were given time to respond with testing and updates.
• Cylance, like other vendors, needs to update one registry setting to enable the Microsoft patch process. We are currently in the process of a full-spectrum of QA testing and will follow with full instructions on updating this.
• We recommend that customers test this update in non-production systems first.
At this time, it has been confirmed by the Cylance Threat Guidance team that there are no malware kits taking advantage of these vulnerabilities with rogue executables that Cylance would prevent. We will continue monitoring, and if weaponized exploits begin to appear, we will update this article with our protection status.
Meltdown and Spectre are critical hardware-based vulnerabilities in modern processors. These vulnerabilities could allow an attacker to steal information stored in the memory of a wide range of computer chips running on personal devices — not just computers and phones, but also the servers in data centers, including those used to run cloud computing services.
These widespread vulnerabilities could allow an attacker to steal information stored in the memory of the chip itself, including things such as passwords and cached files. It could also pave the way for attackers to weaken other security features.
Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.
For a more technical discussion, we refer to these papers on Meltdown and Spectre. More information can be found at https://meltdownattack.com. For reference, these vulnerabilities have been present for over 20 years and are not controlled via the operating system.
Cloud providers which use Intel CPUs and Xen PV as virtualization without having patches applied are vulnerable. Furthermore, cloud providers without real hardware virtualization, relying on containers that share one kernel, such as Docker, LXC, or OpenVZ, are affected.
Cylance is in the process of assessing all areas of our infrastructure. Amazon Web Services, our cloud provider, has released this statement and informed all their customers that they already protected nearly all AWS instances and that customers will still have to patch the operating systems they use.
Additional references and resources are available below. If you’d like to know more about Cylance products, please contact Chi Corporation at 440-498-2300 or sales@chicorporation.