This is an update from the RM support team to make you aware of the recent vulnerability making headlines and what RM are doing about it to inform and help protect our customers. The current message from RM can be found here: https://support.rm.com/TechnicalArticle.asp?cref=TEC6034048. Please check back on this technical article as we will use it to update you with our latest advice.
On 03/01/2018, details emerged of a number of vulnerabilities known as speculative execution side-channel attacks, more commonly called Meltdown and Spectre, which affect most modern processors and operating systems.
How serious is it?
There are two main vulnerabilities:
- Meltdown - Allows code running in a non-privileged context to access privileged kernel memory. Potentially any running code, including JavaScript on web pages, can access protected memory and read or interfere with sensitive information such as passwords, keys, tickets etc. It also could allow a virtual machine to access the memory of the hypervisor, both locally and in cloud services.
  What does this mean? A malicious program run by the user either intentionally or unintentionally could potentially access parts of the computer system's memory they should not be able to – including seeing other users' data on the system and key operating system data that should be kept secret.
- Spectre - Can allow user-mode applications to extract information from other processes running on the same system. Alternatively, it can be used by code to extract information from its own process (so a JavaScript program could then read sensitive cookie and state information for other websites the user uses). It could also allow a virtual machine to access the memory of the hypervisor, both locally and in cloud services.
  What does this mean? A malicious program run by the user either intentionally or unintentionally could potentially access privileged data about processes on the computer it is running on.
What is the risk?
Someone does have to click on or run some sort of code (though a malicious advertisement on a website is likely to be a vector, along with normal “click on me” email campaigns). These vulnerabilities are of the sort that someone breaching a network (or a user on a network) looks for in order to escalate their privileges or steal information, so malicious tools are likely to be available for the nefarious network users out there.
User training around not clicking on unknown attachments and links, as always, is key.
The risk right now is low – at the time of writing, neither issue has any known active exploits or tools available in the wild – but this will change over time. The likelihood of an attack is low but will grow over time.
If a machine were attacked, the impact would vary depending on the context. A user on a standalone PC could have their own data and passwords stolen; although this is currently a slow process, it is still possible and could impact that user severely. If the same user were attacked on a remote access server, the impact could be far greater, as the attacker could compromise all users on that system and go on to compromise the infrastructure and other servers.
So while the risk is low right now, over time this issue becomes more serious and could have significant repercussions if left unpatched on certain devices, servers, virtual infrastructure, MIS and financial systems, and key computers.
http://www.bbc.co.uk/news/technology-42562303
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/
The latest advice from RM can be found here: https://support.rm.com/TechnicalArticle.asp?cref=TEC6034048