Patches for critical vulnerabilities in Intel, AMD and ARM processors.

A vulnerability known as Meltdown has recently been published. It affects all Intel processors manufactured during the last decade and allows user-mode processes to access protected kernel memory.

A second vulnerability, called Spectre, affects AMD, ARM and Intel processors and breaks the isolation between applications. This is the most dangerous of all, because it affects virtually all modern processors.

The published patches are expected to have a considerable impact on system performance, with overhead that could reach 30% - 35%. For this reason, it is recommended to evaluate the performance of the affected systems to avoid availability problems. Meltdown is the most complex to patch because of the high impact on processor performance.

The vulnerabilities fall into three variants:

  • Variant 1 - Spectre (CVE-2017-5753): Bounds check bypass. It affects AMD, ARM and Intel processors. AMD confirms that it will be mitigated through an operating system patch and does not expect a significant impact on performance.
  • Variant 2 - Spectre (CVE-2017-5715): Branch target injection. A proof of concept was executed successfully on Intel Xeon Haswell processors. AMD indicates that the differences in its architecture mean that the risk of exploitation in its processors is almost 0.
  • Variant 3 - Meltdown (CVE-2017-5754): Rogue data cache load. A proof of concept was executed successfully on Intel Haswell Xeon processors. AMD confirms that its architecture is not vulnerable to this variant. According to the original discoverers, the patch for this variant is expected to have the performance impact indicated above.

Windows

The patch released by Microsoft should reach all users automatically, and it can also be obtained from Windows Update. Three patches have been released for Windows 10, depending on the version:

  • Windows 10 Fall Creators Update, with patch KB4056892 (Build 16299.192)
  • Windows 10 Creators Update, with patch KB4056891 (Build 15063.850)
  • Windows 10 Anniversary Update, with patch KB4056890 (Build 14393.2007)

Users of Windows 7 and Windows 8.1 will receive the update next Tuesday, although they can search for the update manually.

Linux

The Linux kernel maintainers have also released patched versions that correct the Meltdown and Spectre vulnerabilities. The patched versions of the Linux kernels 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97 are available on kernel.org.
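As a first-pass triage of a Linux fleet against the kernel.org releases listed above, the following added example (not part of the original advisory) classifies `uname -r` strings by stable branch. The host names and release strings in `SAMPLE` are constructed, and the verdict labels are this example's own.

```python
import re

# Patched stable releases named in this advisory, keyed by kernel branch.
PATCHED = {
    (4, 14): 11,
    (4, 9): 74,
    (4, 4): 109,
    (3, 18): 91,
    (3, 16): 52,
    (3, 2): 97,
}

# Leading "major.minor[.patch]" of a release string; distro suffixes are ignored.
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def triage(release):
    """Classify one `uname -r` string against the advisory's patched releases."""
    m = _RELEASE.match(release.strip())
    if not m:
        return "unparsed"
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch not in PATCHED:
        # Branch is not in the advisory's list: check the vendor's own advisory.
        return "branch-not-listed"
    return "at-or-above-listed" if patch >= PATCHED[branch] else "below-listed"


def triage_inventory(inventory):
    """Map each host to its verdict; inventory is {host: uname -r string}."""
    return {host: triage(rel) for host, rel in inventory.items()}


# Constructed inventory for illustration only.
SAMPLE = {
    "web-01": "4.9.74-1-amd64",
    "web-02": "4.9.65-3+deb9u1",
    "db-01": "4.14.11",
    "db-02": "4.14.8-300.fc27.x86_64",
    "legacy-01": "3.2.96",
    "build-01": "4.13.0-21-generic",
    "appliance-01": "custom-kernel",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:14} {SAMPLE[host]:26} {verdict}")
```

Distribution kernels often backport fixes without changing the upstream version number, so a "below-listed" or "branch-not-listed" verdict means the host needs checking against the distribution's own advisory, not that it is necessarily unpatched.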

Android

The Android security patches of January 2018 correct multiple vulnerabilities, including the Meltdown and Spectre vulnerabilities in Intel, AMD and ARM processors. Google claims that it has not been able to reproduce Spectre on Android devices but has, in any case, implemented a series of controls that limit attack vectors on ARM processors.

macOS

macOS 10.13.2 includes a series of fixes for the vulnerabilities that affect the kernel. However, more security patches will be included with macOS 10.13.3, currently in beta.

Microsoft confirms the performance impact of the update. No additional information about the expected behavior is available, so it is recommended to take extreme precautions during the process.
