Meltdown and Spectre Vulnerabilities


  • Root Admin

Please read the following article for further information regarding the recent Meltdown and Spectre Vulnerabilities reported on January 3, 2018, by the Google Project Zero team.

Also, from our Malwarebytes Labs

Meltdown and Spectre: what you need to know

Meltdown and Spectre fallout: patching problems persist
https://blog.malwarebytes.com/cybercrime/exploits/2018/01/meltdown-and-spectre-fallout-patching-problems-persist/

 

Edited by AdvancedSetup
Added another blog entry
Link to post

Just saying,

These "infections" all seem to be from Development Sources, and I have been looking to find any 'In the Wild' instances.

Do you think these are not items that will be found in the wild, or has the team actually ever found one? I am yet to find one, but with AMD / Intel / and ATI processors, I did research them and these companies all say these have not been found in the Wild, like all other 'Infections', merely Work Bench 'possibilities'.

This is like Java and other updates where we say to uninstall older versions as they May be open to attack, but we do not usually show instances?

Only an opinion and a question..

Link to post
  • Root Admin

This is nothing like Java. It is a coding error in hardware. The updates by manufacturers are an attempt to prevent someone from coding something to exploit it.

Please follow the links and read up more on the issue. Hopefully not too much will come of it, but the potential for big trouble certainly is.

For users on Cloud systems that pay for resources, if those resources are slowed down by this issue then they're losing a lot of money daily due to this bug.

 

Link to post
On 1/6/2018 at 7:27 PM, noknojon said:

Just saying,

These "infections" all seem to be from Development Sources, and I have been looking to find any 'In the Wild' instances.

Do you think these are not items that will be found in the wild, or has the team actually ever found one? I am yet to find one, but with AMD / Intel / and ATI processors, I did research them and these companies all say these have not been found in the Wild, like all other 'Infections', merely Work Bench 'possibilities'.

This is like Java and other updates where we say to uninstall older versions as they May be open to attack, but we do not usually show instances?

Only an opinion and a question..

The research into the exploits (and Meltdown, in particular) began in 2016, at a security conference, where the primary researchers credited with discovering the exploits sat down to talk about the possibility of the exploit existing based upon security research on other exploits that was presented at that conference.

The researchers independently confirmed that their suspicions were true - coders at Google's Project Zero and researchers from various entities, including Graz University, University of Pennsylvania, University of Maryland, University of Adelaide, and Rambus corporation, among others.

They developed proofs of concept, and then informed the relevant chip manufacturers - on Meltdown, for example, they informed Intel back in June 2017.  The exploits are not in the wild because they were found by security researchers and not malware developers.

The reason there was an explosion about it this year is that most of the big name software developers had, by that time, developed patches for their software / OS / kernels to release to the public to help mitigate the probability that these exploits could be, well, exploited.  The major portion of the focus here is not on end users' machines, so much as data centers and web-based and cloud-based services, which is where this exploit is truly threatening.  Think about it like this:

On your machine, say a malware dev creates malware capable of infecting your machine, and making use of the exploit to snag credentials and other private information - OK, so, maybe the info of 3-4 users, depending upon the number of users of the machine.  They have to replicate this attack tens of thousands of times to have any sort of decent 'success' in terms of financial gain.

But if they were to gain the same sort of data from an AWS server?  The financial gain could be staggering.

Thus the main focus is for those types of services, and the hits that those types of services will be taking.  Epic Games recently released a statement that the recent slowdown and login issues with their game Fortnite are directly due to the patches instituted at the server level to block these exploits:  https://www.engadget.com/2018/01/06/epic-blames-meltdown-patches-on-fortnite-problems/

Not something you would ever think about off the top of your head when thinking about these exploits, is it?  But the gaming industry is huge, and exploiting even a single server being used for MMO games like this could expose the credentials of every user playing that game - a much bigger scope than your single PC.

The same holds true for eCommerce sites, funding sites, etc.

So, now that the exploits are out in the open, I would be surprised if malware devs somewhere don't at least make an attempt to see if the exploits can deliver.  However, and IMO this is a very good thing, the researchers waited until the major players (the Linux kernel, Microsoft and the NT kernel, and many large software developers, including Google, Mozilla, and others) had code ready to ship to help protect against the exploits as much as possible before the researchers released the information into the public.

In addition to the links above, I humbly submit some very heavy technical reading with the actual research papers on the two exploits, https://meltdownattack.com/meltdown.pdf and https://spectreattack.com/spectre.pdf.

In addition, I also submit this PDF that makes things a bit easier to read and understand, but is no less technical than the previous two:  https://www.renditioninfosec.com/files/Rendition_Infosec_Meltdown_and_Spectre.pdf

Finally, if you want a wealth of links dealing with the exploits, head over to the Wikipedia page https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)#cite_note-1

And peruse the links at the bottom reference section.  And the same for the Spectre Wikipedia page:  https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

HTH

Edited by John L. Galt
Link to post

Thank You John.L.Galt,

You have added a bit more information than was openly offered, and makes greater reading in this form (no personal offense AdvancedSetup). I find the more simple and often extended these items are presented to us, the better we all can understand the basic facts..

I will admit that because you seemed to 'open' the subject a bit more I will be spending a bit more time reading these articles. Even though as mentioned in articles, (paraphrased to..) "it may rarely affect a private user, but the business / commercial sector (no matter how big or small) will (could) be the main targets".

Here is the market for us, and Antivirus companies to head towards, when they say "We are well protected with our own basic Antivirus / Antimalware programs" , but they may not be covered for these types of intrusions. Yahoo (and a few others) found out the hard way, as we know.

("the following article") left me feeling a bit short on what I was looking for in the first instance. But once opened it actually has meaning and is a good topic. Or it could be that the reply answered a lot more of what a basic user / part time helper was looking for. :)

Again, Thanks All.

Link to post
On ‎1‎/‎4‎/‎2018 at 8:25 PM, yardbird said:

Thanks for the Heads Up on the above Ron !!!! 

 

EDIT:  List of  AV vendors that may have a patch/fix for now on @AdvancedSetup  topic on post #1

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0

For some reason when I look at the spreadsheet of AV vendors you posted I can only see down to row 24 (G-DATA). Of course what I am most concerned with is Malwarebytes.

Link to post
  • Root Admin

Hi @Bob256

That link was actually from @yardbird

As for our product. Here is the following information.

MBAM2 Version: v2018.01.04.06
MBAM3 Version: 1.0.3624
MB3 build contains a patch for MS patch against meltdown/spectre
MB2 shouldn't be an issue - it is not an antivirus program replacement

Thanks

Ron

 

Link to post

manual...Bleeping Computer has created a .reg file that users can double-click and create the registry on their PC

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-no-more-windows-security-updates-unless-avs-set-a-registry-key/

but...read this :

https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec?gi=99271faceadd

 

I know because I have an AMD CPU, and I updated my Windows 7

AMD CPU + January 2018 MICROSOFT updates = no boot

no problem...I have an Acronis True Image boot CD...RECOVERED *_*

 DISABLE WINDOWS UPDATE.

end customer experience

Edited by AdvancedSetup
Removed direct download link and added link to read
Link to post
  • Root Admin
26 minutes ago, gigiadi said:

AMD cpu / not affected ... yesssss i'm good

Variant One: Bounds Check Bypass: Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

 

So, unless you do get an OS update your AMD is vulnerable

 

   
Link to post
3 minutes ago, AdvancedSetup said:

Variant One: Bounds Check Bypass: Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

 

So, unless you do get an OS update your AMD is vulnerable

 

   

AMD, AMD, AMD....

....WAITING FOR RYZEN +

Edited by gigiadi
Link to post

Instant vulnerability check for Spectre and Meltdown

Glaring security holes in all modern processors named Meltdown and Spectre have recently made the headlines. With Ashampoo Spectre Meltdown CPU Checker, you can determine at the click of a button whether your system is vulnerable. The program uses a Microsoft-based check that would usually require complex inputs and configuration work before you'd see results. Ashampoo Spectre Meltdown CPU Checker does it for you and checks both potential attack vectors. If your system is affected, the program will offer further information on how to protect your computer. Ashampoo Spectre Meltdown CPU requires no registration or installation to work.

 

https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Edited by AdvancedSetup
Link removed
Link to post

Thanks for the tool, I ran it, Meltdown is OK, Spectre vulnerable.

I have absolutely no clue as to what has to be done, I found info that I would have to update the BIOS.... seriously, this is something for advanced users and I'm not. 4 computers are vulnerable, I hope Intel or anyone else will provide a patch easy to install, they all have different motherboards, this is a pure nightmare!

 

Link to post
  • Root Admin

I have removed the hyperlink. I have not tested and don't have time to test their software. One needs to be cautious with what they run, especially at this time where I'm sure we'll see more and more tools claiming to check or fix things for you and possibly infect you. I am not saying this software would do anything, just being cautious.

 

 

Link to post
7 hours ago, gigiadi said:

Instant vulnerability check for Spectre and Meltdown

Glaring security holes in all modern processors named Meltdown and Spectre have recently made the headlines. With Ashampoo Spectre Meltdown CPU Checker, you can determine at the click of a button whether your system is vulnerable. The program uses a Microsoft-based check that would usually require complex inputs and configuration work before you'd see results. Ashampoo Spectre Meltdown CPU Checker does it for you and checks both potential attack vectors. If your system is affected, the program will offer further information on how to protect your computer. Ashampoo Spectre Meltdown CPU requires no registration or installation to work.

 


https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

 

JUST PORTABLE TOOL ...DO NOT BE SCARED.

ASHAMPOO   OK.

Link to post
  • Root Admin

Of note Ashampoo in the past was using toolbars classified as PUP.

From an old Google search:
" Ashampoo ES (Spanish language version) Toolbar is a Conduit powered OurToolbar for Internet Explorer, Chrome and Firefox web browsers. The software collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar "


 

 

Link to post
36 minutes ago, doveletchan said:

Hi,

 

Our computers are using Malwarebytes Endpoint Security (MBAM ver. 1.80.1.1011 [Database: v2018.01.12.01], AMAE ver. 1.10.2.41 - 1.11.2.55). Please advise if they are compatible with the Microsoft security patch released in early Jan/18 against Spectre and Meltdown. Thanks.

 

Regards,

Dovelet

From:  https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/

 

Quote

UPDATE (as of 1/04/18) Since the Malwarebytes Database Update 1.0.3624, all Malwarebytes users are able to receive the Microsoft patch to mitigate Meltdown.

I see the date of your updates - does MBES also have a version associated with the databases? 

Link to post
