January 25th, 2018
Further to our recent update here, a few weeks have passed and the picture is slowly becoming clearer on what the industry is doing about Meltdown and Spectre, and it’s all a bit of a mess, to be honest.
A quick recap – proof of concepts are out there that expose flaws in Intel chipsets (not just Intel though) which could expose data such as passwords and other private or sensitive information from our computers and servers. No known exploits have been reported in the wild as yet, but in my opinion it is just a matter of time.
Microsoft and other vendors have released patches and then subsequently revoked them, advising users not to install them until further notice. Other reports are showing performance decreases depending on workloads – see here, here, here and here.
How you even get these patches is a bit of a mess but stay with me here. Microsoft quickly discovered issues with the initial patches and stopped them from being applied to servers and workstations and shifted the onus onto AV vendors.
The reason for this is that modern AV products are so deeply integrated into the operating system that the patches caused blue screens and reboot loops on some systems, which no one wants.
The AV vendors have been busy testing their software and applying their own updates but this is taking time to roll out. Until they update some registry keys on machines you won’t see the patches from Microsoft. (I told you it was a mess!)
CMI have written some scripts to survey our own and our customers’ systems, and we can confirm that approximately 1/3 of our clients have the necessary registry keys in place for us, or for themselves, to apply the relevant patches. Most AV vendors now support the Microsoft patches, but they are rolling out their updates slowly to make sure they don’t get overwhelmed with support if something goes wrong. If you want a status update on your readiness, please contact your customer service advisor at CMI: we can produce an asset report and, if required, force the registry key needed to receive the patches. We are not forcing the registry changes ourselves, as we also do not want to introduce instabilities and, as far as we know, there are no active exploits in the wild.
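The registry check described above, as an added PowerShell example that is not CMI’s own survey script. The post does not name the key; the path and value used here are the antivirus-compatibility flag that Microsoft’s January 2018 servicing checks before offering the Meltdown and Spectre updates (`HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat`, value `cadca5fe-dfeb-4ef0-8d3a-f5bf7e9e5a68`, `REG_DWORD` data 0). The host names in the inventory list are a constructed sample, and remote hosts are assumed to be reachable over PowerShell Remoting.

```powershell
# Added example, not CMI's script: survey whether machines carry the AV
# compatibility flag that Windows Update checks before offering the
# January 2018 Meltdown/Spectre patches. The key path and value name are
# Microsoft's documented ones; the inventory below is a constructed sample.

$QualityCompatPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$QualityCompatValue = 'cadca5fe-dfeb-4ef0-8d3a-f5bf7e9e5a68'

# Runs on the target machine and reports whether the flag exists and carries
# the expected data (0). The survey only reads; it never writes the key.
$ReadinessProbe = {
    param($Path, $ValueName)
    $present = $false
    $data    = $null
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $present = $true
            $data    = $item.$ValueName
        }
    }
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        KeyPresent      = $present
        ValueData       = $data
        # Windows Update wants the value present with data 0; anything else
        # (or no value at all) means the January updates are not offered.
        ReadyForUpdates = ($present -and $data -eq 0)
        Error           = $null
    }
}

function Get-MeltdownPatchReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )
    foreach ($name in $ComputerName) {
        try {
            if ($name -eq 'localhost' -or $name -eq $env:COMPUTERNAME) {
                & $ReadinessProbe $QualityCompatPath $QualityCompatValue
            } else {
                # Remote hosts: assumes WinRM is enabled and the caller is a local admin there.
                Invoke-Command -ComputerName $name -ScriptBlock $ReadinessProbe `
                    -ArgumentList $QualityCompatPath, $QualityCompatValue -ErrorAction Stop |
                    Select-Object ComputerName, KeyPresent, ValueData, ReadyForUpdates, Error
            }
        } catch {
            # Unreachable or access-denied hosts still get a row so the report is complete.
            [pscustomobject]@{
                ComputerName    = $name
                KeyPresent      = $null
                ValueData       = $null
                ReadyForUpdates = $null
                Error           = $_.Exception.Message
            }
        }
    }
}

# Constructed sample inventory; in practice feed this from AD or your RMM tool.
$inventory = @('localhost', 'WS-EXAMPLE-01', 'SRV-EXAMPLE-01')
Get-MeltdownPatchReadiness -ComputerName $inventory | Format-Table -AutoSize
```

A host shows `ReadyForUpdates` as `True` only when its AV product (or an administrator) has already written the flag, which is the same signal the post uses to say a client is ready. Writing the key is kept out of the script on purpose: the post’s own position is that forcing it is a separate decision taken per customer once their AV vendor has confirmed compatibility.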
The industry advises that this will not be the end of the updates, as the patches bring new issues that will in turn require further patches. In addition, there will also be direct firmware or, in some cases, microcode updates that need to be applied. These require a bit more control and testing. From what we know at this stage, Microsoft will be delivering these through the normal Windows Update methods in due course (no dates as yet). Incidentally, the last time Microsoft did this was in 2015. As stated above, some vendors released early updates that caused fairly big issues, so we hope they get it right and do not make the situation worse.
Until the industry gets this sorted, AV vendors and intrusion protection services are updating their systems to help stop attacks at the network perimeter. So, as before, update your staff on the dangers and be vigilant: fake software has been circulating that claims to fix MELTDOWN and SPECTRE but really installs other malware.
We will try to keep our customers up to date as new information comes out, but the best advice is not to panic and to work with us on making sure your systems are patched, your browsers are patched and you have endpoint and perimeter defence systems in place to help mitigate the issues.
If you are worried about this and want to talk please give us a ring or email firstname.lastname@example.org to discuss this very fluid situation.