Threat Response: UPDATE – Spectre Intel CPU Vulnerability



In 2018, we wrote about a vulnerability in Intel processors called Spectre, which can be used to hijack applications and steal data. Recently, functional Spectre (CVE-2017-5753) exploits have been leaked [1][2]. This concerns an exploit for Linux and an exploit for Windows.

Spectre allows untrusted code to read the memory of the whole process. This allows Javascript from a website to read the entire browser memory. Virtually all modern processors are vulnerable to this attack and it cannot be resolved without replacing the hardware. Processors try to predict which instructions need to be executed and execute them in advance (as a speed optimisation). If it turns out that instructions have been predicted wrongly, the results will be discarded. However, because of design errors in the hardware, these instructions still result in measurable side effects. By measuring these side effects, the contents of the memory can be read. The vulnerability can be mitigated with changes to specific software to make it more difficult or almost impossible to measure these side effects.

The recently leaked exploits enable reading arbitrary files on compromised devices. For example /etc/shadow on Linux or Kerberos Tickets on Windows[3]. Furthermore, the Spectre vulnerability allows adversaries to perform additional attacks, such as obtaining credentials and session-cookies through Javascript-code.

Among the vulnerable systems for these exploits are: Fedora 24-27, Ubuntu 14.04-18.10, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012. Later software versions have mitigations against spectre.

Since this attack can be used to bypass authentication or steal data, we assess the impact as high.

Due to the recently leaked exploits the risk of abuse of these vulnerabilities in short term is high.

Shortly after publication of CVE-2017-5753 patches for all major operating systems and browsers have been released. Northwave strongly recommends to apply the released patches or replace unsupported systems if you have not already done so. No other methods for mitigation are known at this point.


Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information you can call us by phone or send us an email.

E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (alleen vanuit Nederland)

Disclaimer applies, see below.






Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.