Threat Response: UPDATE – Spectre Intel CPU Vulnerability
In 2018, we wrote about a vulnerability in Intel processors called Spectre, which can be used to hijack applications and steal data. Recently, functional Spectre (CVE-2017-5753) exploits have been leaked: one exploit for Linux and one for Windows.
The recently leaked exploits enable reading arbitrary files on compromised devices. For example
Systems vulnerable to these exploits include: Fedora 24-27, Ubuntu 14.04-18.10, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012. Later software versions have mitigations against Spectre.
Since this attack can be used to bypass authentication or steal data, we assess the impact as high.
Due to the recently leaked exploits, the risk of abuse of these vulnerabilities in the short term is high.
Shortly after publication of CVE-2017-5753, patches for all major operating systems and browsers were released. Northwave strongly recommends applying the released patches or replacing unsupported systems if you have not already done so. No other methods for mitigation are known at this point.
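To confirm on a Linux host that the kernel fixes for CVE-2017-5753 are active, the kernel's own status report can be read, as in the following added example (not part of the original advisory and not Northwave's code). It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/spectre_v1; the sample status lines are constructed, and Windows systems are not covered.

```shell
#!/bin/sh
# Added example: report the kernel's own view of Spectre variant 1 (CVE-2017-5753).
# Kernels that carry the fixes expose one status line per CPU issue in sysfs.

SYSFS_VULN_DIR="/sys/devices/system/cpu/vulnerabilities"

# Map a status line to a verdict. The kernel starts the line with
# "Not affected", "Mitigation:" or "Vulnerable".
classify_spectre_v1() {
    case "$1" in
        "Not affected"*) echo "NOT_AFFECTED" ;;
        "Mitigation:"*)  echo "MITIGATED" ;;
        "Vulnerable"*)   echo "VULNERABLE" ;;
        *)               echo "UNKNOWN" ;;
    esac
}

# Read spectre_v1 from a directory (default: live sysfs) and classify it.
# A missing file means the kernel predates this interface or sysfs is not
# available; report NO_REPORT and treat the host as unpatched until verified.
check_spectre_v1() {
    dir="${1:-$SYSFS_VULN_DIR}"
    file="$dir/spectre_v1"
    if [ ! -r "$file" ]; then
        echo "NO_REPORT"
        return 0
    fi
    # "|| true": a file without a trailing newline still fills $status.
    IFS= read -r status < "$file" || true
    classify_spectre_v1 "$status"
}

# Constructed sample status lines (not captured from a real host).
for sample in \
    "Mitigation: usercopy/swapgs barriers and __user pointer sanitization" \
    "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers" \
    "Not affected"; do
    printf '%-12s <- %s\n' "$(classify_spectre_v1 "$sample")" "$sample"
done

# Verdict for the host this script runs on.
echo "spectre_v1 (CVE-2017-5753): $(check_spectre_v1)"
```

Any verdict other than MITIGATED or NOT_AFFECTED marks a host to patch or replace, in line with the recommendation above.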
Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information you can call us by phone or send us an email.
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (only from within the Netherlands)
Disclaimer applies, see below.
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.