This is an update from the RM support team to make you aware of the recent vulnerability making headlines and what RM are doing about it to inform and help protect our customers. The current message from RM can be found here: https://support.rm.com/TechnicalArticle.asp?cref=TEC6034048. Please check back on this technical article as we will use it to update you with our latest advice.

On 03/01/2018 the details emerged of a number of vulnerabilities known as speculative execution side-channel attacks, or more commonly Meltdown or Spectre, which affect most modern processors and operating systems.

How serious is it?

There are two main newsworthy vulnerabilities –

  • Meltdown - Allows code running in a non-privileged context to access privileged kernel memory. Potentially any running code – including JavaScript on web pages can access protected memory and read or interfere with sensitive information such as passwords, keys, tickets etc. It also could allow a virtual machine to access the memory of the hypervisor, both locally and in cloud services.

    What does this mean? A program run by the user intentionally or unintentionally can access parts of the computer systems memory they should not be able to – including seeing other users on the systems’ data or key operating system data that should be kept secret.

  • Spectre - Allows, among other things, user-mode applications to extract information from other processes running on the same system. Alternatively, it can be used by code to extract information from its own process. (so a javascript program that can then read sensitive cookie and state information for other websites the user uses). Again it also could allow a virtual machine to access the memory of the hypervisor, both locally and in cloud services.

    What does this mean? A program run by the user intentionally or unintentionally can access privileged data about processes on the computer its running on.

What is the risk?

Someone does have to click or run some sort of code (though a malicious advertisement on a website is likely to be a vector, along with normal “click on me” email campaigns). These vulnerabilities are of the sort that someone breaching a network (or a user on a network) is looking to escalate their privileges or steal information. So malicious tools are likely to be available for the nefarious network users out there.

User training around not clicking on unknown attachments and links, as always, is key.

The risk right now is low – both issues have no known (at time of writing) active exploits or tools in the wild – this will change over time. So likelihood of attack is low, but will grow over time.

The impact if a machine was attacked varies depending on the context – a user on a standalone PC could have their own data and password’s stolen – though this is currently a slow process it is still possible and could impact that user severely. If the same user on a remote access server was attacked then impact can be far greater as the attacker could compromise all users on that system and further compromise the infrastructure and other servers.

So while the risk is low right now – over time this issue becomes more serious and could have significant repercussions if left unpatched on certain devices, servers, virtual infrastructure, MIS and financial systems and key computers.

These vulnerabilities are of the sort that someone breaching a network (or a user on a network) is looking to escalate their privileges or steal information.

http://www.bbc.co.uk/news/technology-42562303

https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/

The latest advice from RM can be found here: https://support.rm.com/TechnicalArticle.asp?cref=TEC6034048




Post Comment

Blog Comments

back to top button Let's talk