Serious vulnerabilities in processors from leading manufacturers

We have started 2018 with alarming news that affects the majority of processors of almost all manufacturers, especially the most used of all, Intel, but also AMD and ARM, although to a lesser extent.

Three serious vulnerabilities have been discovered, which allow a process running with low privileges (user) to read areas of memory reserved for processes with higher privileges (administrator) or even areas of the operating system kernel.

Solutions

In short, every modern processor is affected to a greater or lesser extent. For these vulnerabilities the recommended solution is to update the operating system. The truth is that ordinary users can’t do much more either. It’s clear that you’re not going to throw away the processor, or replace it with another modern model probably just as vulnerable.

In any case, the patches that operating systems can offer will be basically restricted to preventing the exploitation of one of the three vulnerabilities, known as Meltdown (CVE-2017-5754). The other two, under the name Spectre (CVE-2017-5753 and CVE-2017-5715) cannot be completely mitigated despite the patches that come out, although the ease with which they are exploited can be made difficult.

The incidence of these vulnerabilities mainly affects servers that run multiple processes of multiple users, since it is possible to access the information of other users through these vulnerabilities. For the average user, keeping the operating system and an antivirus updated is enough.

The biggest problem for large global hosting providers (Amazon AWS, Azure, Google, etc.), and Cloud services in private Datacenters, is the more than likely decrease in performance caused by patches for these vulnerabilities, encrypted by up to 30% drop in processor performance.

We’ll see how these big service providers react, and if the market is going to punish Intel in any way.

Every modern processor is affected to a greater or lesser extent

José Manuel Suárez

Genetsis IT

José Manuel Suárez

Genetsis IT

      

      

Share This