A new class of security vulnerabilities referred to as “Speculative execution side-channel attacks” also known as “Meltdown and Spectre” were publicly disclosed by Cyber security researchers this week. Given the gravity of these flaws, many concerns have been rightly raised. In this article I will cover their impact as well as the Microsoft Cloud’s response and how they are dealing with it. I will also cover how you can mitigate and prevent the issues for on-premises environments.
These security flaws exploit critical vulnerabilities in modern processors whether Intel, Apple, AMD or ARM chips. They allow programs to steal data while it’s being processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the CPU’s memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Overview of Spectre Vulnerability:
Spectre breaks the most fundamental isolation between user processes and the operating system. This attack allows a program to access the CPU’s memory, and thus also the secrets, of other programs and the operating system.If your computer has a vulnerable processor’s (Intel, Apple, ARM, AMD) and runs an unpatched operating system / firmware, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.
Overview of the Meltdown Vulnerability:
Meltdown breaks the isolation between different applications using a flaw in the Kernel on machines with vulnerable processor’s (Intel, Apple). It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible.
How to Enable Protection for On-premise and Cloud Environments:
Microsoft has provided instructions for recommended actions that enable protection of servers against these vulnerabilities. Some of these are detailed in the following link: Microsoft Protections Against Meltdown and Spectre
Impact to Enterprise Cloud Services:
Microsoft has provided updates of the impact of these flaws on enterprise cloud services in the following link: Impact to Enterprise Cloud Services
Amazon Web Services Linux Protection Recommendations:
All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed. Customers’ instances are protected against these threats from other instances. We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads. The following link provides further recommendations and updates.
Recommended Customer Actions for AWS
It must be added that Public Cloud providers like Microsoft Azure and Amazon AWS are well ahead of the curve when it comes to security. Cloud providers got on top of this way before most of the industry.Public Cloud providers like Amazon AWS and Microsoft Azure are also much safer than on-premise sites considering that they employ a large and formidable army of security professionals and resources.
Personal computer users are also strongly advised to immediately download and install patches and updates available for their operating systems.