
Understanding the risk posed by the Intel “Meltdown” and “Spectre” vulnerabilities

CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754

On 3 January 2018 news first emerged of three vulnerabilities affecting the onboard firmware design of Intel processors going back over a decade. These vulnerabilities relate to the ongoing discovery of known issues with the processors, first announced in 2015 and 2016, but are of larger concern because of the inherent weaknesses exposed by the current research.

The discovery by Google’s zero-day exploit team in the first quarter of 2017 was shared over time with industry partners under embargo, in a concerted effort to reduce exposure to risk. That embargo was due to be lifted on 9 January, but as a result of upstream Linux releases and the imminent release of public exploit code, the information has been announced in the public domain.

Spectre steals data from the memory of other applications running on the same machine. Google said that Meltdown appears to be limited to Intel chips, but Spectre affects almost all modern processors, including those from AMD, ARM and Intel.


Am I affected?

Yes: if you use a PC, server, tablet, phone or other device with a modern Intel processor, you are affected. Users of ARM, AMD, PowerPC and IBM Z series machines are also affected to varying degrees. Some vendors are taking a belt-and-braces attitude and releasing patches for those architectures as well.

Microsoft Windows users

Users should make sure their server and workstation environments are running the latest versions of their operating systems and are fully patched. Microsoft is making a patch available this Thursday, and all machines should be patched promptly.

Linux

Red Hat – Linux workstations and servers running Red Hat Enhanced Linux (RHEL) and derived supported instances have had patches made available; customers should use their Satellite Red Hat Access account to patch immediately for all supported architectures on versions 6.x and 7.x. All older versions should be upgraded, as patches will not be made available for them.

CentOS – CentOS is a non-supported derivative of Red Hat Linux and is often not recommended for deploying mission-critical servers. Users should ensure that they are running later versions of the 6.x or 7.x variants. Patches are likely to be available via YUM repositories within 36 hours of the Red Hat binaries.

SUSE – SUSE is in the process of creating patches. Customers should use their software manager or Spacewalk instance to deploy to affected servers and workstations.

Debian, Ubuntu, Mint and derivatives – Customers should upgrade packages, including the kernel, via APT (or their preferred package manager) when available.
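Once a patched kernel from any of the distributions above has been installed and the machine rebooted, the running kernel reports what it actually mitigates. The following script is an added example, not Falanx's code or any distribution's tooling: it assumes a Linux kernel of 4.15 or later (or a distribution backport of the fixes) that exposes one status file per issue under /sys/devices/system/cpu/vulnerabilities, each holding a line beginning "Not affected", "Mitigation: ..." or "Vulnerable...". The make_sample_dir helper and the status strings it writes are constructed so the report can be exercised offline; the directory path and verdict words are this example's own choices.

```shell
#!/bin/sh
# Added example: summarise the Meltdown/Spectre mitigation status that the
# running Linux kernel reports through sysfs. Assumes kernel >= 4.15 or a
# distribution backport; older kernels have no such directory at all.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status: reduce the kernel's one-line status to a one-word verdict.
classify_status() {
  case "$1" in
    "Not affected"*) echo "ok" ;;
    "Mitigation:"*)  echo "mitigated" ;;
    "Vulnerable"*)   echo "vulnerable" ;;
    *)               echo "unknown" ;;
  esac
}

# report_mitigations DIR: print "name verdict raw-status" for every file in
# DIR. Returns 0 if nothing is vulnerable, 1 if any entry reads "Vulnerable",
# 2 if DIR is absent (the kernel predates the patches and needs updating).
report_mitigations() {
  dir="${1:-$VULN_DIR}"
  rc=0
  if [ ! -d "$dir" ]; then
    echo "no $dir: kernel predates the mitigation patches or is not Linux"
    return 2
  fi
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=$(basename "$f")
    status=$(cat "$f")
    verdict=$(classify_status "$status")
    printf '%-12s %-10s %s\n' "$name" "$verdict" "$status"
    [ "$verdict" = "vulnerable" ] && rc=1
  done
  return $rc
}

# make_sample_dir [SPECTRE_V2_STATUS]: build a constructed stand-in for the
# sysfs directory so the report can be exercised offline. The strings mimic
# the kernel's format; by default spectre_v2 is left vulnerable, as on a host
# whose kernel was updated but which has no retpoline or microcode support yet.
make_sample_dir() {
  d=$(mktemp -d)
  printf 'Mitigation: PTI\n' > "$d/meltdown"
  printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
  printf '%s\n' "${1:-Vulnerable: Minimal generic ASM retpoline}" > "$d/spectre_v2"
  echo "$d"
}

# Stand-alone run: report on the real sysfs first, then on the sample data.
if [ "${RUN_DEMO:-1}" = 1 ]; then
  report_mitigations "$VULN_DIR" || echo "exit status $?"
  sample=$(make_sample_dir)
  report_mitigations "$sample" || echo "exit status $?"
  rm -rf "$sample"
fi
```

The exit status makes the check usable from a fleet tool or cron job: a 2 means the package update has not been applied (or the box has not been rebooted into the new kernel), a 1 means the kernel is patched but one issue is still reported as vulnerable, which after the January 2018 updates typically pointed at missing CPU microcode rather than a missing package.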

Mac OS X

Mac OS X runs on Intel CPUs, and Apple is in the process of testing patches for deployment. Customers should apply patches on notification of release.

ChromeOS devices – Chromebooks

ChromeOS has already been patched, provided the latest released version is in use. Users should check their software version, and update and reboot if it is not up to date.

Containerisation

Where LXC, Docker or Kubernetes container ecosystems are deployed on top of Linux, please see the specific guidance on the relevant community support pages.

Other affected vendors

Falanx is aware of over 80 hardware vendors in the security and telco space who are impacted by their use of onboard Intel hardware. These devices should be treated no differently from a Linux server and afforded the same level of monitoring to ensure they don’t become targets. We do not expect vendors to be proactive about patch availability.

This includes firewalls, switches, storage devices and spam-protection hardware from a myriad of vendors. Users should keep a careful eye on vendor sites, as a matter of urgency, for updates for these devices.

Cloud service providers

There are plans to reboot large swathes of public cloud providers on Friday to apply kernel and dependent updates. This is unavoidable. Users should consult their providers.

Have I been hacked?

There is currently no methodology to identify the use of these attacks, as they go unlogged. More information will follow when available.

Next steps:
Stay informed, and keep up to date with the latest security briefings from Falanx.
