Everybody is by now aware of the vulnerabilities baked into many modern processors. These vulnerabilities, called Meltdown and Spectre, can potentially allow malicious software to extract data from the kernel memory of an affected system. This is memory that would normally be used to store information securely, out of reach of other applications. These vulnerabilities potentially affect every processor released in well over a decade that supports the specific optimizations intended to speed up the operation of the processor.
So how does this work?
These exploits work by forcing the processor to speculatively (out of order) run a number of instructions that access areas of memory that would not normally be accessible, so that the results of those instructions end up being saved in the CPU’s cache. When the CPU catches up to the instructions that were run out of order and realizes that they should not have had access to that data, it aborts those instructions, but the contents of the CPU cache may already have been changed.
Attackers can then leverage other exploits to extract this data from the CPU cache and view information that may have been contained in areas of the system’s memory that they would not normally have access to – including possibly reaching outside of a virtual machine and into the host, or into other virtual machines on the same host.
Who’s vulnerable?
In theory, any processor that supports speculative execution is going to be vulnerable in some way. Some CPU architectures are built in a way that makes them more susceptible to these issues than others, but most CPUs built in recent memory – including the ones in your mobile devices – are susceptible, at least on paper.
What needs to be done to protect against this?
First off, keep in mind that the sky is not falling. These issues are bad, but there are things that can be done to mitigate them:
- Ensure any patches for the operating system are installed to protect against or mitigate the issue.
- Check with your hardware vendor for any questions on the systems that you have and whether they are affected.
- Ensure any firmware updates / microcode updates appropriate to your systems are installed as soon as possible.
While you are waiting for the appropriate firmware updates to come from your hardware vendor, it’s more important than ever to protect yourself with a comprehensive security plan, including an updated antivirus solution, application whitelisting, and of course Deep Freeze.
How does this impact Faronics Products?
Faronics has re-tested Deep Freeze Enterprise, Deep Freeze Cloud and Faronics Anti-Virus to make sure that our products are not affected by the respective Windows update patch, and the results are positive. No updates are required at this time.
Microsoft has implemented a requirement in the January 3rd patches for this issue that requires that antivirus vendors set a specific set of registry keys before the patch can be installed. Our team has been working to validate this patch over the last several days, and we have found no issue with having Faronics Anti-Virus installed when this patch is applied to a system.
We have updated our cloud-based platform so that the appropriate registry keys are put in place on customers’ systems automatically the next time the machine is thawed. Once this is completed, updates can either be installed using the workstation tasks of the Deep Freeze service, or manually if desired. Cloud customers can also use the Software Updater feature of the platform to push out the updated versions of Chrome and Firefox released over the last several days that include additional mitigation against these attacks.
Customers running the on-premise version of the software can either set the key manually using a 3rd-party tool, or download and use a patch that we have developed for this purpose. As always, if you have Deep Freeze installed you will need to thaw the machine prior to setting the registry key or running the utility linked above.
This utility can be pushed using the Remote Launch capabilities of both the Deep Freeze Enterprise Console and the Faronics Core Console.
Once this registry value is in place, you can run Windows Update using Deep Freeze Cloud, or through the Enterprise Console, to get the update installed and in place on your systems. Customers running Deep Freeze Standard will need to update manually once the registry key is in place.
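The sequence above (set the antivirus-compatibility registry value, then confirm the January update reaches the machine) can be checked from an elevated PowerShell prompt. This is an added example, not the Faronics utility described above; it assumes the machine is already thawed, and it uses Microsoft's documented QualityCompat key and value name for the January 3rd 2018 updates.

```powershell
# Added example: report (and with -Set, create) the QualityCompat marker that
# Microsoft required before the January 3rd 2018 Meltdown/Spectre updates
# would install, then list updates installed on or after that day.
# Assumptions: run elevated; on a Deep Freeze machine, run only while thawed.
param(
    [switch]$Set   # without -Set the script only reports, it changes nothing
)

# Microsoft's documented key and value name (REG_DWORD, data 0)
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-AvCompatState {
    if (-not (Test-Path $keyPath)) { return 'missing-key' }
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'missing-value' }
    if ($item.$valueName -eq 0) { return 'set' }
    # Any other data means the marker is present but not what the update expects
    return "unexpected-data:$($item.$valueName)"
}

$state = Get-AvCompatState
Write-Host "QualityCompat state: $state"

if ($Set -and $state -ne 'set') {
    if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Host "QualityCompat state after set: $(Get-AvCompatState)"
}

# Show which updates have landed since the January 3rd release day, so an
# administrator can confirm Windows Update actually delivered the fix.
$recent = Get-HotFix |
          Where-Object { $_.InstalledOn -ge [datetime]'2018-01-03' } |
          Sort-Object InstalledOn
if ($recent) {
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Host 'No updates dated on or after 2018-01-03 are installed yet.'
}
```

Run it without parameters first to see the current state; re-running with -Set after thawing the machine puts the marker in place so the next Windows Update pass can install the patch.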
Customers running macOS can simply install the appropriate patches from Apple on their devices either through a manual process of thaw, install, and freeze, or using the Maintenance Schedule in the Deep Freeze Mac product to install and update the systems without intervention.