[Updated] Meltdown and Spectre threats: what you need to know

The start of the year could have been better, tech-wise: one of the biggest security flaws in computing history was made public, affecting almost all computers on the planet. What’s worse, it’s a hardware flaw, so it can’t be fixed. Or can it?

This blog is intended as a go-to place to track back on the news, fixes, tools and basically everything there is to know about these CPU vulnerabilities which are called ‘Meltdown’ and ‘Spectre’. I intend to update this post with more links to interesting new findings as this story develops…

First of all: what are Meltdown and Spectre?

For the first time in history (as far as I can recall anyway) a security flaw has been discovered in hardware instead of in the software running on it. The most important hardware of all, in fact: the CPU that runs your computer. The threat affects basically any CPU on the market (even the CPUs of mobile devices!), with Meltdown seemingly mainly affecting Intel silicon specifically.

In this comprehensive article from Ars Technica you can read all about how the flaws work and whether and how they can be patched:

“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws

Immediate concern is for Intel chips, but everyone is at risk.

Check if you’re protected

Windows Central has cooked up a pretty comprehensive tutorial on checking your system for these vulnerabilities, including a guide to and explanation of how to fix them. They note that several patches have to be in place before you can be considered safe: BIOS/UEFI updates as well as OS patches. And make sure to deactivate your antivirus application if it is a third-party one…

How to check if your PC is protected from the Meltdown and Spectre exploits

In this guide, we show you the steps to make sure your device has the necessary patches against Meltdown and Spectre security flaws found in modern microprocessors, and we’ll tell you what to do if your PC is still vulnerable.

Performance impact

Since Meltdown and Spectre and their corresponding patches became public, there has been much talk about the performance impact, because said patches would slow your computer down by up to 30%. Shortly after all this buzz, Microsoft had its first telemetry data available and published data on how exactly this performance impact pans out for various specific combinations of silicon and Windows versions. Go check it out (along with a lot of other info) in this extensive blog post from Terry Myerson (Microsoft exec.):

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

Last week the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers. We (and others in the industry) had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure. In this blog,

Careful with AMD CPUs!

It appears that even AMD CPUs were affected, and the OS-level patches that Microsoft rolled out to AMD-powered PCs didn’t really help, because they caused some AMD systems to run into BSODs. Since then, MSFT has paused these mitigations and is researching the issue. Meanwhile, AMD itself has reported that it will release some Spectre (firmware) mitigations of its own, starting this week:

AMD will issue Spectre fixes of its own starting this week

AMD will begin issuing optional updates to guard against Spectre vulnerabilities later this week, the company said in a new blog post.

Intel released a fix for Spectre, but a botched one…

The most severe of the threats, Spectre, has to be fixed at the BIOS/firmware level, so by Intel. But as Intel is not a software company, it did quite a horrible job at coding a fix, even causing BSODs in a lot of cases. The patch was in fact so buggy that Microsoft had to jump in and disable it via a counter-patch to protect its Windows users from it.
Anyway, read all about that in the story linked below:

Microsoft patch deactivates Intel’s buggy Spectre fix

An out of band patch released by Microsoft over the weekend disables Intel’s buggy Spectre patch.

Another Intel exploit surfaces…

And as if Meltdown and Spectre weren’t enough, F-Secure has unearthed another vulnerability in Intel-driven systems. The new vulnerability was found in Intel Active Management Technology (AMT) and allowed any hacker to bypass the login and security screen to gain access in just 30 seconds. However, before you start panicking about this quite severe threat, you need to know that anyone who wants to exploit this needs physical access to your computer to get into the BIOS. Even then, if your BIOS has been locked with a secure password (not the default ‘admin’ or alike), the hacker is not gonna get in…

Again, read more about it in this MSPoweruser article:

New Intel issue will let hackers gain full access to your PC in 30 seconds – MSPoweruser

While the world was recovering from the Meltdown and Spectre vulnerabilities, F-Secure found a new security issue which will allow hackers to gain full control of the laptops in merely 30 seconds. The new vulnerability was found in Intel Active Management Technology (AMT) that allowed any hacker to bypass the login and security screen to gain …

Update: Upcoming Intel chips will be redesigned to guard against Spectre and Meltdown

Finally, more than two months after the Spectre and Meltdown vulnerabilities were disclosed, the CEO of Intel has confirmed that the company is working on mitigating these vulnerabilities at the actual architectural level, by means of ‘partitioning’, in its upcoming Xeon and eighth-generation Core processors, which will become available later this year:

Intel is redesigning its processors to guard against Meltdown and Spectre

Intel is going down to the hardware level to guard against Spectre with its upcoming processors.
