Everyone knows that something “big” is happening in the computer security world. Heck, if you have an Intel processor, it is very likely that you are exposed to the recently reported vulnerabilities known as Spectre and Meltdown.
Update: it is not only Intel; the bug has been reported for all major processors, including AMD and ARM.

What are Spectre and Meltdown anyway?

Meltdown and Spectre take advantage of speculative execution, a performance feature of modern CPUs, and allow an attacker to read memory on virtually all computers and devices.

It was first identified in Intel processors only. However, AMD reported that the vulnerability also affects their processor range, though to a lesser degree due to architectural differences.

In layman’s terms, an attacker can use this vulnerability to read otherwise inaccessible locations in system memory and steal data. Even kernel-level memory can be read, which means your personal information, including emails, passwords, chats etc., is exposed to the attacker.

The flaw lies at the kernel or hardware level; it is not in C, Java, Python, ASP.NET or any other application level, which leaves an antivirus or anti-malware product to simply sit there and enjoy the scene.

Three vulnerabilities (CVEs) have been disclosed:

CVE-2017-5754 (Meltdown): this issue uses speculative cache loading to enable a local attacker to read the contents of memory. It is corrected with kernel patches.

CVE-2017-5753 (Spectre variant 1): a bounds-check bypass during branching. It is corrected with kernel patches.

CVE-2017-5715 (Spectre variant 2): an indirect branch poisoning attack that can lead to data leakage. It allows a virtual guest to read memory from the host system. It is corrected with microcode, along with kernel and virtualization updates to both guest and host virtualization software.

The effect of Spectre and Meltdown on the web hosting industry

Wondering how these exploits can affect the hosting industry? In a virtual or shared hosting environment, one physical machine is divided into different virtual machines on which different users run different programs. If one such virtual machine is compromised, the attacker can steal data from the memory shared by the applications and VMs on that host.

Major cloud providers like AWS, Azure and Google Cloud should have updated their machines at the hypervisor or host OS level. It is the customers’ responsibility to apply patches at the guest OS level.

WordPress hosting providers like WP Engine should be more worried about this vulnerability. They do not work on a host OS / guest OS virtual environment (at least at the customer end); they have built their own high-performance infrastructure, where one physical machine shares memory between different WordPress installations. Hence, an attacker could steal data from the memory of all WordPress installations on that machine.

All servers running major control panels, including cPanel, Plesk, DirectAdmin etc., on these CPUs should be updated with the latest kernel.

All this implies that close to 70% of today’s computers are vulnerable.

Am I affected?

You should not be, but there is ‘no time for caution, Cooper’. If your OS is not running on the latest kernel, it should be patched with the latest updates.

Here is how you can apply the patches.

Microsoft has already released an out-of-band security update (KB4056892) for Windows 10 and Windows Server versions to address the Meltdown issue, and will be releasing patches for Windows 7 and Windows 8 on January 9th.
If you have a third-party antivirus installed, there is a high probability that the update will fail, as kernel-level changes can be blocked. “The compatibility issue is caused when antivirus applications make unsupported calls into Windows kernel memory,” Microsoft noted in a blog post. “These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot.”
Turn off the third-party antivirus and enable Windows Defender or Microsoft Security Essentials.

Update: Microsoft’s update for AMD systems has been reported to make some machines unbootable, necessitating reinstallation. It is highly recommended to wait for newer Microsoft patches.

For Linux distros, our primary advice is to check your kernel version against the list of known patches. Update to the recommended patch, and reboot your server.

Please refer to the documentation below and select the patches for your OS.

For CentOS and Red Hat

Find out whether you require a kernel upgrade.

# rpm -q kernel | tail -n1
kernel-3.10.0-693.11.6.el7.x86_64

If your kernel version is lower than “kernel-3.10.0-693.11.6.el7.x86_64” (that is, not equal to or newer than it), you should upgrade.
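As an added check (not from the original post), here is a small POSIX shell script that compares the running kernel against the version quoted above and reports the per-issue mitigation status files that patched kernels expose under /sys. The minimum version is taken from this post and the sysfs path is assumed; verify both against your distribution’s errata.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the RUNNING kernel
# (uname -r) against the patched version quoted above. rpm -q only lists
# installed kernels; a patched kernel you have not rebooted into gives no
# protection. MIN_KERNEL is assumed from the post; check your own errata.
MIN_KERNEL="3.10.0-693.11.6.el7"

# kernel_needs_upgrade RUNNING MINIMUM -> prints "yes" or "no".
# Uses GNU sort -V, which orders dotted/dashed release strings like these
# the way RPM does (a numeric segment beats a missing one).
kernel_needs_upgrade() {
    running="${1%.x86_64}"      # drop the arch suffix uname -r appends
    minimum="${2%.x86_64}"
    if [ "$running" = "$minimum" ]; then
        echo no
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$running" "$minimum" | sort -V | head -n1)
    if [ "$lowest" = "$running" ]; then
        echo yes                # running kernel sorts lower: it is older
    else
        echo no
    fi
    return 0
}

# report_mitigations: kernels carrying the fixes expose one status file per
# issue under /sys/devices/system/cpu/vulnerabilities/ (e.g. "Mitigation: PTI").
report_mitigations() {
    dir=/sys/devices/system/cpu/vulnerabilities
    if [ ! -d "$dir" ]; then
        echo "$dir missing: kernel predates the mitigation status interface"
        return 0
    fi
    for f in "$dir"/meltdown "$dir"/spectre_v1 "$dir"/spectre_v2; do
        if [ -r "$f" ]; then
            printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
        fi
    done
    return 0
}

main() {
    running=$(uname -r)
    echo "running kernel: $running"
    echo "needs upgrade:  $(kernel_needs_upgrade "$running" "$MIN_KERNEL")"
    report_mitigations
}
main
```

A kernel that reports “Vulnerable” in those files, or no files at all, has not been booted into the patched version even if rpm shows it installed.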

More on OS patches.

Here are the major Linux distributions’ notes on how they are tackling Spectre and Meltdown.

RedHat/CentOS

https://access.redhat.com/security/vulnerabilities/speculativeexecution

RedHat/CentOS 6

https://access.redhat.com/errata/RHSA-2018:0008
https://access.redhat.com/errata/RHSA-2018:0024
https://access.redhat.com/errata/RHSA-2018:0030

RedHat/CentOS 7

https://access.redhat.com/errata/RHSA-2018:0007
https://access.redhat.com/errata/RHSA-2018:0016
https://access.redhat.com/errata/RHSA-2018:0029
https://access.redhat.com/errata/RHSA-2018:0023
https://access.redhat.com/errata/RHBA-2018:0042

Ubuntu

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Ubuntu 16.04 LTS https://usn.ubuntu.com/usn/usn-3522-1/
Ubuntu 17.10 https://usn.ubuntu.com/usn/usn-3523-1/
Ubuntu 14.04 LTS https://usn.ubuntu.com/usn/usn-3524-1/

Cloud Linux

https://www.cloudlinux.com/cloudlinux-os-blog/entry/intel-cpu-bug-kernelcare-and-cloudlinux

Debian

https://security-tracker.debian.org/tracker/CVE-2017-5753
https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5754

Arch Linux

https://security.archlinux.org/CVE-2017-5753
https://security.archlinux.org/CVE-2017-5715
https://security.archlinux.org/CVE-2017-5754

openSUSE Leap 42.2

https://www.suse.com/security/cve/CVE-2017-5753
https://www.suse.com/security/cve/CVE-2017-5715
https://www.suse.com/security/cve/CVE-2017-5754

It is difficult to predict the damage these bugs will cause at this moment; however, a bug like this has never before been reported in the history of computing.

Author: Ginto
Written on: 10 Jan, 2018
