The security vulnerabilities, Meltdown and Spectre, have impacted billions of devices and left the public with a variety of questions. It is our hope, by addressing the questions below, some of the uncertainty end-users are facing will be diminished.
What is Meltdown?
Meltdown is a security gap lying deep within the kernel of Intel processors. Meltdown, allows for programs and applications to communicate with one another through the kernel. Typically, this communication is mitigated by the kernel. However, Meltdown allows for all programs, including low-level applications to access the memory of other programs within the device and their secrets.
What is a kernel?
The kernel lies deep within the operating system, and manages operations between the computer and the hardware.
What is Spectre?
Spectre is a design flaw within almost all modern processors that are capable of keeping many instructions in flight. This vulnerability breaks the division that is normally between all applications. An attacker can then trick applications that have no vulnerabilities into leaking secret information to the attacker. Spectre is not as easily exploited by cyber criminals as Meltdown is.
Why are Meltdown and Spectre issues?
They leave security gaps that allow hackers to access sensitive information across different applications on a device. This can include various forms of data, or execute malware on different levels of the device.
How do I know if my device is impacted?
If your device is using an Intel processor, it’s almost certainly impacted by Meltdown as the vulnerabilities date back as far as a decade. Any device with a modern processor is also almost certainly affected by Spectre, as it spans not only Intel and AMD but all modern processors in any device.
How can this be fixed?
There have been several patch releases from companies to mitigate these vulnerabilities, these include but are not limited to: Windows, Linux, Android, iOS, and OS X.
Google has released Android patches for its devices as well as its Android partners, but whether your smartphone gets the patch or not is still up in the air. There is more information here on Android device vendors pushing out the update.
Apple has released patches across all of their devices that are still supported by iOS 11. This dates back to iPhone 5S.
Will all of my machine be updated?
It’s possible they will not. Microsoft is only releasing the update to devices that either have no third party anti-virus installed, or are using anti-virus software that has set a specific registry key. This is important because, if the registry key has not been set, then this specific update as well as all future Microsoft patches will not be pushed to that device. Microsoft found that there was a small group of anti-virus products that were using their protocols incorrectly and caused blue screen issues after the patch.
How do I know if my security solution provider made the registry key update?
You’re encouraged to reach out to your anti-virus software vendor to inquire if they’ve made the necessary updates. PC Matic Pro, PC Matic MSP, and PC Matic Home have set the registry key, per Microsoft’s request. You can verify that your version of PC Matic is allowing the patch by ensuring you’re on Super Shield version 3.0.0.7.
If my security solution provider doesn’t update their registry key, what do I do?
If the AV vendor does not set the registry key, this patch will not be installed as well as all future Microsoft patches. In order for the vulnerability to be patched, you will need to move to an AV solution that has set the key, or switch to Windows Defender.
Once updated, will I experience any issues?
Possibly. Users have reported up to a 30% decrease in device performance. Although this is widely unknown and varying depending on the individual device.
Other than performance issues, are there additional risks of installing the update?
Yes. AMD Athlon CPUs have been experiencing a BSoD. Since the issues have been reported, the updates have been suspended until a fix can be issued. Azure virtual machines are also experiencing issues getting back online after completing the update. Although, Microsoft has identified this as isolated incidents.
An additional issue has been associated with PCs running the update with more than one AV program installed on the device. This issue is creating a BSoD issue as well. This error is presenting if one of the multiple AV programs is not in compliance with the registry key Microsoft has required. Therefore, even if the primary software is updated with the registry key, and the other is not, the BSoD will occur.
Where is the best place to find all of the information I could possibly want on Spectre and Meltdown?
Beware, following this link leads you down a rabbit hole of very technical documentation, research papers, code, and general technical talk. Enjoy! https://meltdownattack.com/
