In the first week of 2018 a new vulnerability flaw has been discovered and announced. The flaw is present in almost every modern processor since 1995. The flaw was disclosed by Google’s Project Zero Team. Where the vulnerabilities can potentially have an impact on all major CPUs, including those from AMD, ARM, and Intel which now threatens almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. Unfortunately, the vulnerability flaw will require complete total system architecture re-engineering for the computer’s CPU operating system kernels. Security researchers have discovered that many older chip system architectures from the last decade which includes embedded protected memory kernels can now be read. The CPU kernel hardware vulnerabilities have been categorized into two attacks which have been named “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer. Computer system passwords which are commonly hidden within the CPU memory kernel from other software systems operating on the machine, unfortunately, can now be read. If mapped computer system architectures with exposed memory kernels can be read, it has the possibility to expose numerous embedded passwords to malicious threat actors. At best, the vulnerability unfortunately, could also be leveraged by hackers using malware to more easily exploit other security bugs within the system’s computer operating system. Many software vendors and operating system distributors are currently working on patches for an immediate fix with a distribution to users. However, security researchers are stating that since the patches used to fix the flaw deep within the kernel of a system’s CPU architecture that the patch will definitely effect the performance of the system by slowing down system processes. The patches to Linux, Windows and MacOS will definitely result in degraded performance to a number of machines. On various security and computer technology vendor blogs, users reported a performance reduction between 5 percent and 30 percent. The effects are still being benchmarked based on the task and the Intel processor models. Unfortunately, the poor system performance would disproportionately damage the majority of data centers and cloud infrastructures which are running Intel chips.Redport’s CEO Steve Reinkemeyer along with the many security researchers at Redport IA, LLC are staying on top of the patch fix and distribution by well-known vendors. Intel has made a security announcement on their site in regards to the vulnerability and when the patch fix for the kernel flaw will be available to all users. Therefore, system programmers are scrambling to re-engineer the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce and announce on their own, the necessary changes that users will need to complete for its Windows operating system on their popular Patch Tuesday.

By Dr. Randall Sylvertooth


Sources:
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html

For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA