Meltdown & Spectre

Intel CPU Vulnerabilities & AXS GUARD

About

  • Meltdown and Spectre exploit critical vulnerabilities in modern processors.

  • The hardware vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel.

  • While programs are typically not permitted to read data from other programs, a malicious program could exploit Meltdown and Spectre to get hold of secrets belonging to other running programs.

  • This may include passwords stored in a password managers or browsers, personal photos, emails, instant messages and even business-critical documents.

How do these vulnerabilities affect AXS GUARD?

Bare Metal Environments

  • Attacks cannot be performed remotely.

  • To exploit the CPU vulnerabilities, an attacker must be able to log in to your appliance and have the ability to execute code.

  • By default, your AXS GUARD appliance can only be accessed by system administrators from the secure LAN. To execute code, console access privileges - which are disabled by default - are required.

  • Access to the web-based administrator tool and the console from the Internet are blocked by the firewall by default, which means the attacker would have to operate from the inside.

Virtual Appliances and Shared Hosting

  • The Meltdown en Spectre exploits are a bigger concern in virtual and shared hosting environments.

  • With shared hosting, a single point of access serves multiple clients, e.g. a terminal server. In a virtual environment, operating systems and applications are isolated from the underlying computer hardware by a hypervisor, which independently operates one or more virtual machines.

  • If a shared host is compromised, an attacker might be able to exploit any client connected to the shared host.

  • If a hypervisor is compromised, then attackers might be able to read the memory of any running virtual machine.

  • In both scenarios, AXS GUARD solely depends on the security provided by the hypervisor and the shared host.

Recommendations

  • Patches for the Meltdown bug are already being released - a Microsoft's Windows 10 patch has been released on Thursday, with updates for Windows 7 and 8 to follow in the next few days.

  • The latest version of Apple's macOS, 10.13.2, is patched, but earlier versions will need to be updated.

  • Some cyber-security experts have recommended blocking ads, browser scripts and page trackers as well.

References

https://meltdownattack.com/