Delaware, USA – January 4, 2018 – Several teams of security researchers independently found critical vulnerabilities in processors that allow malware to steal data from memory and other running programs. The vulnerability CVE-2017-5754 is called Meltdown; it affects almost all Intel processors. Using it, attackers can read kernel memory and steal any data found there, including credentials or sensitive documents. Several software security patches have already been released to secure systems against this Intel CPU flaw. The vulnerabilities CVE-2017-5753 and CVE-2017-5715 are collectively named Spectre. They are much more difficult to exploit, but it is also hard to protect systems from such attacks, which affect Intel, AMD and ARM processors.
To protect against these attacks, you should monitor the releases of security updates and install them as they become available. Microsoft released a security update for Windows 10 and promised to release updates for other operating systems on January 9. macOS 10.13.2 partially solved the problem with these threats. Google has also already released updates and recommendations to protect against these attacks. For systems running Linux, you need to install the KPTI patch.
Now that the details of the Meltdown and Spectre vulnerabilities have been published, experts expect a surge in attacks that use them. Currently, it is almost impossible to detect exploitation of these vulnerabilities, and these attacks leave no traces in the log files. The SOC Prime team is working on updating the APT Framework (Advanced and Basic use cases) for ArcSight, QRadar and Splunk to help SIEM administrators observe hosts vulnerable to known CVEs.