A serious flaw in the design of almost every CPU and/or operating system will result in cybersecurity-required updates, or patches, being published for Microsoft, Apple, and Linux operating systems.
One of our cybersecurity engineers noticed a flurry of Linux and Windows emergency kernel patches being published that are enabling and implementing KPTI (Kernel Page Table Isolation) protections (or barriers). Enabling KPTI for all operating systems will likely impact the computer’s performance, in some cases running 30% slower.
[ Jan 4, 2018 Update: This exploit was discovered by Google back in the early summer of 2017. The exploits are known as “Meltdown” and “Spectre” — two methods of exploiting a security vulnerability found in Intel, AMD, and ARM processors that, between them, threaten almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system. ]
Why is there a need to do this now?
Smart money seems to be that a variation of a known cyber attack, called rowhammer, has been found in the wild. This attack is likely a hypervisor exploit … meaning the Big Brands in the virtualization world (Amazon S3, Google Compute Engine, Microsoft Azure) could be at risk of a process in one Virtual Machine (VM) gaining access to data in another VM.
[ Jan 4, 2018 Update: This initial blog post was written prior to the embargo date, which passed late yesterday afternoon. The flaw was initially reported as an Intel CPU design flaw, but it is now known to impact most CPUs and operating systems, regardless of manufacturer.
Two good articles with updated information are now worth reading as well:
- Click here for an article by BusinessInsider.com about the flaw.
- Click here for an article by Mozilla; they have proven the exploit can be done from a browser/JavaScript. ]
Concern about this potential exploit was first noticed by a Sentar engineer monitoring various security forums. Information was first being discussed in the UK, eventually generating press articles from The Register and this one from BBC News:
In this article, Jane Wakefield, Technology Reporter, references information released by the UK’s National Cyber Security Centre:
“We are aware of reports about a potential flaw affecting some computer processors. At this stage there is no evidence of any malicious exploitation and patches are being produced for the major platforms,” the NCSC said in a statement.
Additionally, the article states:
The bug could allow malicious programs to read the contents of the so-called kernel memory of computers, which can include passwords and login keys.
It is also likely to affect major cloud computing platforms such as Amazon, Microsoft Azure and Google, according to The Register, which broke news of the flaw.
The effects of the updates to Linux and Windows could incur a performance slowdown of between five and 30 percent, experts said. It would involve separating the so-called kernel memory from other processes.
So, what should YOU do?
Well, right now…you have to wait until your Operating System vendor releases an update. Then, you need to make sure to update your computer when it is available. Due to the flurry of activity, the severity of the flaw, and the sheer number of computers this could affect, it is almost certain that an exploit will be created and used by nefarious individuals or nation states, if there isn’t already one available.