Threat Response: UPDATE – Spectre Intel CPU Vulnerability

2-03-2021


In 2018, we wrote about a vulnerability in Intel processors called Spectre, which can be used to hijack applications and steal data. Recently, functional Spectre (CVE-2017-5753) exploits have been leaked [1][2]: one exploit for Linux and one for Windows.

Spectre allows untrusted code to read the memory of the whole process. For example, JavaScript from a website can read the entire browser memory. Virtually all modern processors are vulnerable to this attack, and it cannot be resolved without replacing the hardware. Processors try to predict which instructions need to be executed and execute them in advance (as a speed optimisation). If it turns out that the instructions were predicted wrongly, the results are discarded. However, because of design errors in the hardware, these instructions still produce measurable side effects. By measuring these side effects, the contents of memory can be read. The vulnerability can be mitigated by changes to specific software that make it more difficult or almost impossible to measure these side effects.

Impact
The recently leaked exploits enable reading arbitrary files on compromised devices, for example /etc/shadow on Linux or Kerberos tickets on Windows [3]. Furthermore, the Spectre vulnerability allows adversaries to perform additional attacks, such as obtaining credentials and session cookies through JavaScript code.

The systems vulnerable to these exploits include: Fedora 24-27, Ubuntu 14.04-18.10, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012. Later software versions have mitigations against Spectre.

Since this attack can be used to bypass authentication or steal data, we assess the impact as high.

Risk
Due to the recently leaked exploits, the risk of abuse of these vulnerabilities in the short term is high.

Mitigation
Shortly after publication of CVE-2017-5753, patches for all major operating systems and browsers were released. Northwave strongly recommends applying the released patches or replacing unsupported systems if you have not already done so. No other methods of mitigation are known at this point.
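
One way to confirm on a Linux host that the kernel patches for CVE-2017-5753 (Spectre variant 1) are active, added here as an example and not part of the original advisory. It reads the kernel's standard sysfs status file; the function names and verdict labels are hypothetical, and Windows hosts are not covered.

```shell
#!/bin/sh
# Added example: report the kernel's Spectre variant 1 (CVE-2017-5753) status.
# The sysfs directory below is the standard Linux location (kernel 4.15+ and
# distribution backports); passing another directory is for offline testing.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map the kernel's status text to one of: MITIGATED, PARTIAL, VULNERABLE,
# NOT_AFFECTED, UNKNOWN (labels are this example's own, not the kernel's).
classify_spectre_v1() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        # Newer kernels report incomplete coverage as "Vulnerable: <detail>",
        # e.g. pointer sanitization present but no swapgs barriers.
        "Vulnerable:"*)  echo PARTIAL ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# Read <dir>/spectre_v1 and print a verdict.
# Exit status: 0 = mitigated or not affected, 1 = action needed,
# 2 = file missing (kernel predates the reporting interface, so treat the
# host as unpatched until proven otherwise).
check_spectre_v1() {
    dir=${1:-$VULN_DIR_DEFAULT}
    file=$dir/spectre_v1
    if [ ! -r "$file" ]; then
        echo NO_REPORTING
        return 2
    fi
    status=$(cat "$file")
    verdict=$(classify_spectre_v1 "$status")
    echo "$verdict"
    case "$verdict" in
        MITIGATED|NOT_AFFECTED) return 0 ;;
        *) return 1 ;;
    esac
}

# Report for the local host; the verdict is printed regardless of exit status.
echo "spectre_v1 (CVE-2017-5753): $(check_spectre_v1)"
```

A `NO_REPORTING` result on the distributions listed under Impact indicates a kernel that has never received the Spectre updates.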

Northwave

Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information you can call us by phone or send us an email.

Phone number: +31 (0)30-303 1244 (during business hours)
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85-0437 909 or 0800-1744 (only from within the Netherlands)

Disclaimer applies, see below.

Sources

[1]: https://dustri.org/b/spectre-exploits-in-the-wild.html

[2]: https://www.reddit.com/r/netsec/comments/lv5qal/spectre_exploits_in_the_wild/gpb82ly/

[3]: https://vulners.com/canvas/SPECTRE_FILE_LEAK


Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.