New Vulnerabilities Identified
Things are heating up since our Spectre Solved announcement, demonstrations and presentations at RSA 2018. Two weeks later, eight new CPU vulnerabilities have been identified, according to Heise the German computer magazine. Combined with the SpectrePrime and MeltdownPrime methods uncovered by Nvida and Princeton researchers, the number of Spectre and Meltdown exploit variants have risen to 13 and still more are expected.
Large enterprises and cloud service provider should be concerned. The “Next Generation” (NG) of Spectre vulnerabilities, as the recent eight security gaps have been dubbed, are just as dangerous (or more) as the original Spectre and Meltdown flaws. Four have been classified as high-risk, while the remaining four are considered a medium risk to enterprises. Organizations are urged to take this seriously and patch immediately to ensure applications aren’t compromised.
Spectre NG details have yet to be published, but here is what we know.
- The variants are a result of the initial Spectre/Meltdown design flaw
- Intel chips are affected, and one ARM CPU is vulnerable
- CVEs have been defined for each new variant.
- Microsoft, Linux and others are collaborating on fixes
- Each variant will require a separate patching
- Increases risk of cross-boundary VM to VM attacks.
The Expanding Risk
Technical details about Spectre Next Generation are lacking. Research is still being done with the hope of providing a patch at the same time the flaw is formally announced. According to Heise researchers, the level of risks posed is similar to that of Spectre, with one exception. One of the NG variants significantly increases risk of cross-system attacks well above what was noted with Spectre. Next Generation simplifies efforts to use one process to attack another, which makes it more likely to be used in an exploit. Malicious code running in a virtual machine (VM) can effectively be used to execute an attack on a process running in another VM on the same server. Although this was achievable with earlier Spectre variants, Spectre-NG enables cybercriminals to now execute the attack with less prior knowledge and expertise. Multi-tenant cloud and data center services, where multiple customers are running different workloads on a shared server, are at the greatest risk.
Attempts to Patch Spectre/Meltdown Continue
Patching Spectre is not a priority for some. At RSA 2018 we surveyed about 155 individuals to find that only half have actually installed patches. Additionally, and due to the complexity involved in patching vulnerable systems, one can assume that many of those who have installed patches, have not done so for all vulnerable applications. With hundreds of vulnerable apps in a typical organization, it’s hard to believe that any one company can successfully install patches to cover all. Overall, only 35% of those we surveyed felt that Spectre/Meltdown threats were a major concern to their organization, so it appears the urgency is just not being felt.
With the latest Spectre-NG variants, whether there will be an end to patching Spectre and Meltdown is unclear. Each variant requires separate patching at varying levels (OS, microcode, application, user device). Patches have yet to be provided and will most likely be published on varying schedules. Moreover, with bounties being offered for the discovery of new related exploit techniques, we can expect an ongoing flood of patches down the road.
The Attacks Are REAL
At RSA 2018, Virsec demonstrated Spectre/Meltdown attacks, followed by their protection approaches. Engineers proved Variants 1, 2 and 3, showing how dangerous these attacks were in terms of stealing information or affecting application services. Those who witnessed the attacks found it alarming, as they saw how “bad actors” could read (steal) information from a process running, while a victim is actually using the application. The attack vector leverages a fileless approach and does not involve any endpoint malware, as it jeopardizes secured boundaries on the servers.
Don’t Get Caught Off Guard
During the RSA demonstration, Virsec Security Platform was used to pre-emptively patch the hardware and software flaws. It defended the application as instructions and data moved from memory to the CPU for processing. Virsec’s patented Trusted Execution technology deterministically maps proper application process flow so it can identify any abnormal methods and use of memory, and stop the exploits in real-time.
Close the window of opportunity for cyber criminals. You can solve the Spectre problem today without new microcode, firmware updates, or patching the OS, kernel or application. With Virsec Security Platform, HW and SW vulnerabilities are patched preemptively and advanced attacks are stopped in real-time without changing code. Visit our Spectre and Meltdown resource page to learn more about their solutions, along with contact us information. We’d like to hear from you.
Learn more about the Virsec Spectre Solution.
