Yesterday, a serious design hole in Intel processors became known.Initially, much was based on speculation, but now it is becoming increasingly clear that not only Intel is affected, but also AMD and ARM, as it is more than a gap.Microsoft has released a first emergency security patch. The bugs are called Meltdown and Spectre.

Meltdown And Spectre

The gap that has become known yesterday regarding the hardware side of Intel processors, has probably a much greater scope than initially thought. It is now clear that virtually all PCs and even smartphones are at risk. The gaps were baptized, among others, Meltdown and Spectre, the former is probably the most serious (via GeekWire ). Details have revealed after the initial guessing of Google’s project Zero in a blog post, many CPUs including AMD, ARM, and Intel have been affected.

Meltdown

Meltdown allows any attacker to override or bypass the fundamental memory protection.This will give you access to areas that you probably should not have. In this way, sensitive data such as logins and passwords can be read, which is relatively easy to exploit. For example, in proof of concept exploits that have already appeared, this is triggered via Javascript. Meltdown is especially problematic for virtual machines (VMs), because theoretically one can get access to others from one instance. Meltdown affects Intel and the other manufacturers. Intel has already commented on this, pointing out, on the one hand, that others are also affected, and, on the other, pointing out that the exploits “do not have the potential to damage, alter, or erase data.”

Also Read: Microsoft To Distribute Emergency Patch For CPU Vulnerabilities Soon

But there are also positive news. Because appropriate software patches are already being distributed for Meltdown. Microsoft has published an emergency patch for this. However, you should not try to force the update with the number KB4056890 if you do not get it offered. Because the patch performs kernel changes and there are currently still incompatibilities with anti-virus programs, a manual installation can lead to system instabilities (via Dr. Windows ).

Also Read: Smartphone Sensors Can Be Used To Guess The User PIN

Spectre

As mentioned, Spectre also affects AMD and ARM, but here, too, there is a good bit of good news: Specter is more difficult to exploit than Meltdown. The bad news: Specter is harder to cram. There is currently no comprehensive patch, but at least the systems can be protected against specific exploits. Spectre can bypass memory protection between applications, including the sandboxing of operating systems or browsers. The memory is (in contrast to Meltdown), however, safe.

Also Read: Android’s January Patches Lead To Lags And Other Problems

The individual manufacturers have already released patches or will do so these days. Google has set up an overview page where you can see the state of affairs of each product. As mentioned, Microsoft has released a first patch, the next patch day in less than a week, there will probably be more in this regard. Apple users should already be protected as macOS 10.13.2 is already there, also with Linux countermeasures were carried out already

Source

1 COMMENT

Leave a Reply