Meltdown and Spectre - The Story So Far
08/01/2018

You may have seen in the media reports of a serious security vulnerability variously referred to as KPTI, KAISER and F**CKWIT and methods of exploiting it generally known as MELTDOWN AND SPECTRE.

This flaw has existed for years and has been known about for months at least and is not currently being maliciously exploited (no hackers or viruses are using this to corrupt, steal or otherwise endanger data) so there is no need to panic.

While this is not an active security threat like the recent Wannacry and other ransomware outbreaks or the many other kinds of malware already in existence, it is a problem with how computers work at a very fundamental level and so is generating a lot of publicity.  Rather like the ‘Y2K bug’ it is a real and serious issue, however like that issue, one which is unlikely to impact end users or small to medium business networks.

Microsoft patches and anti-virus updates which deal with the threat are in the process of being released and are being deployed to our customer’s servers and workstations as part of our automated Windows Updating Policy and central anti-virus management and is a good example of why proactive security patching is always important.

It has been widely publicised that the patches being deployed can cause the CPU to slow down, however, this is unlikely to be noticeable except on very busy database servers in large organisations.

In short, while this is a serious high-level problem in modern computing the threat is largely theoretical, fixes are already in place to deal with it and P2’s automated systems and pro-active monitoring are keeping our customer’s systems running securely and smoothly to ensure they do not experience any problems arising from the issue.

Meltdown / Spectre – all the technical details

Inside most modern Operating Systems such as the Windows Operating System on workstations and servers, there is a set of core processes, known as the kernel, that manages everything else: it starts and stops user programs; it enforces security settings; it manages memory so that one program can’t take over another; it controls access to the underlying hardware such as USB drives and network cards; it rules and regulates everything that happens on the computer.  The kernel runs at a separate privilege level from the user programs (like your web browser or Microsoft Word etc.) to keep its secrets and special abilities isolated from the other software.

The hardware of the CPU (Central Processing Unit, the main chip that is the core ‘brain’ of any computer) itself supports this separation.

A flaw in how this works at the hardware level has been discovered and it affects almost all CPUs made by Intel, AMD and ARM since 1995 – this means the CPU in almost all workstations, servers, mobile phones and tablets and even other network hardware like routers and switches.

The flaw means that it is possible, under some circumstances, for user programs to read or even change the kernel’s secret information, which could theoretically mean a malicious program or process could discover security credentials or other usually secret information and ‘take over’ the computer.  It’s a potential whole new way for viruses to work.

Some ‘proof of concept’ ways of exploiting this vulnerability, called Meltdown (for Intel CPUs) and Spectre (for AMD CPUs) have been developed but there are currently no actual malware using this ‘in the wild’ – no one’s bank details are being stolen or spreadsheets corrupted using this method – however,  because it is a fundamental flaw in how modern computing works it is being taken very seriously.

It is likely that the hardware architecture of CPUs will change to correct this flaw in future, however, in the meantime, the Operating System developers, such as Microsoft, have changed the way work is done by the CPU to prevent this vulnerability being exploited.  Unfortunately, this causes this workload to be processed slightly less efficiently and this will affect performance.  The more simultaneous calls the CPU has to handle the more noticeable the impact of this performance reduction will be.  Some kinds of use cases, such as large and busy databases, make many more simultaneous CPU calls and so may experience significant slow-down, which is being estimated as a potential 2-30% reduction in performance. This is going to have a serious impact on the performance and cost of cloud computing for organisations such as eBay or for software-as-a-service providers - which could cause a trickle-down effect of slowed performance or knock-on price rises for some products and services.

With such a fundamental change to how the system runs and because of the way anti-virus software interacts with the Operating System kernel, there was an issue initially with the Microsoft Operating System patches causing problems with some anti-virus products which could cause computers to experience ‘blue screen’ failures or be unable to boot to the Operating System. Microsoft is working closely with antivirus software partners to ensure that only computers with compatible anti-virus software are able to install the Operating System updates and to ensure all customers receive the January Windows security updates as soon as possible.

Most major anti-virus products are now compatible and the necessary updates for them are already in place on most platforms, but whether these are deployed on any given system depends on how regularly it is configured to check for and apply application updates.

Similarly, the Microsoft Operating System updates have been released for most versions of Windows, however, some are still in development and again whether or not the patches have been applied on any particular computer will depend on its configured update schedule.

Updates for other Operating Systems, such as macOS for Apple computers, iOS and Android for smartphones and tablets, Linux and UNIX computer Operating Systems and the various firmware and embedded systems in network hardware such as routers and switches and many other electronic devices are likely to be released over the coming months and distributed through the usual channels for those products.

Speak to the team


Enter your details below & we will call you back to discuss how P2 can help make IT simple.

We've made IT simple for these great clients...

P2 Newsletter
P2 Social