This article is primarily targeted at Czech state institutions and is based on recommendations of the Czech authority. However,...
Meltdown and Spectre security issues in processors
Lukas Beran
The Meltdown security issue (CVE-2017-5754) applies to all Intel processors since 1995, except for older Intel Atom processors and Itanium processors. This processor flaw makes it possible to read privileged memory, which is a very significant security risk.
The second security issue, Spectre (CVE-2017-5753 and CVE-2017-5715), applies to all Intel, AMD, and ARM processors. In addition to computers and servers, mobile phones, tablets and many other devices with ARM processors are also at risk. Put simply, Spectre is very similar to Meltdown because it allows a side channel to be used to read the contents of foreign memory (memory belonging to other processes).
The good news is that system updates that fundamentally eliminate the possibility of exploiting these issues are already available for Windows, macOS, iOS, Android and Linux. Hardware-level patches are underway; for example, Intel has announced that by mid-January 2018 it will provide a fix for all processors manufactured during the last 5 years. However, a full fix requires a change in processor architecture and will be available only for new models.
Update fixing Meltdown and Spectre vulnerabilities
For supported Windows desktop systems, the update is available under KB4073119. For server systems, it is available under KB4072698.
You can check the status of your system using PowerShell. First, you need to enable running remotely signed scripts
Now we can install and import the required module
At this point, we can test the system and hardware directly
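The three steps above as one script. This is an added example, not code from the original article; it assumes Microsoft's SpeculationControl module from the PowerShell Gallery and the property names returned by its Get-SpeculationControlSettings cmdlet, and it restores the previous execution policy when it finishes.

```powershell
# Added example: runs the three steps and summarizes the result.

# Step 1: allow remotely signed scripts for the current user,
# remembering the old policy so it can be restored afterwards.
$previousPolicy = Get-ExecutionPolicy -Scope CurrentUser
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

try {
    # Step 2: install the module from the PowerShell Gallery and import it.
    Install-Module -Name SpeculationControl -Scope CurrentUser -Force
    Import-Module -Name SpeculationControl

    # Step 3: test the system and hardware. The cmdlet prints the coloured
    # listing and also returns an object that a script can evaluate.
    $settings = Get-SpeculationControlSettings

    # Spectre variant 2 (CVE-2017-5715): needs the Windows update AND
    # CPU microcode delivered by a BIOS/firmware update.
    $spectreOk = $settings.BTIHardwarePresent -and
                 $settings.BTIWindowsSupportPresent -and
                 $settings.BTIWindowsSupportEnabled

    # Meltdown (CVE-2017-5754): kernel VA shadowing must be present and
    # enabled whenever the CPU is one that requires it.
    $meltdownOk = (-not $settings.KVAShadowRequired) -or
                  ($settings.KVAShadowWindowsSupportPresent -and
                   $settings.KVAShadowWindowsSupportEnabled)

    # Summary object, convenient for collecting results from many machines.
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        FirmwareUpdated    = [bool]$settings.BTIHardwarePresent
        SpectreV2Mitigated = [bool]$spectreOk
        MeltdownMitigated  = [bool]$meltdownOk
    }
}
finally {
    # Put the execution policy back the way it was.
    Set-ExecutionPolicy -ExecutionPolicy $previousPolicy -Scope CurrentUser -Force
}
```

A machine with the Windows update but no BIOS/firmware update reports FirmwareUpdated and SpectreV2Mitigated as False while MeltdownMitigated can already be True.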
The listing also includes recommendations for additional actions, such as installing a system update or a device BIOS/firmware update. Ideally the entire listing should be green, in which case you have both the system security updates and the BIOS/firmware updates from the hardware manufacturer installed. Hardware manufacturers will release their updates in the near future. For example, Microsoft released a firmware update for Surface along with the system update. Lenovo released an update for at least some models (T470s) as early as January 9.
Impact of Meltdown and Spectre on performance
Because the update deactivates a feature that processors use to significantly speed up some operations, the obvious question is what real impact this will have on performance.
Fortunately, it turns out that the real impact on performance is very small in normal use. There is no difference in performance in games, and the same is true for working with videos and photos. For ordinary office work, there is also no difference. A difference is apparent only when working with archives, where the speed may be reduced by about 10%. However, the biggest performance problem is on servers, where I/O operations (database and file servers) are down by 35-40%, which is a very significant difference.
Side effects after the update
The vulnerabilities, or rather their fixes, not only have a negative impact on CPU performance but also cause other issues. After Microsoft released patches for Windows, there were problems with computers running older versions of antivirus programs. By virtue of how they work, antivirus programs are embedded very deeply in the system and therefore must be fully compatible with the operating system and all its updates, as is the case with drivers. Antivirus programs also need to call some kernel instructions for their operation, and these updates make those calls impossible. If an application calls some of these kernel instructions after this security update is installed, it could cause the system to crash with a blue screen of death (BSOD).
Therefore, new releases of antivirus programs write a special key to the Windows registry and, prior to installing this security update, Windows Update verifies that the device is ready for the update based on the presence of this key. If the registry key is not written, the Windows update does not install. All current versions of commonly used antivirus programs are already compatible and write the necessary information to the Windows registry. This, of course, also applies to the integrated Windows Defender, which is preinstalled on all Windows 10 computers.