Susan Bradley here for CSO Online. With a bit of an update regarding the spectre/meltdown issue. We started out back in January 2018 with just spectre and meltdown. These vulnerabilities are referred to a side channel vulnerabilities they exploit weaknesses in speculative.
Execution to leak unauthorized information. They also target account permissions,virtualization boundaries and protected memory regions which can be bypassed via exploitation. There’s not one single update that you can install that protects for everything. It’s a combination of firmware and operating system updates. And it also doesn’t just impact Intel it also impacts AMD. and Nvidia. Think of anything that has a processor or chip so you may need to do some investigation in your environment. Right now I’m going to just focus on windows and specifically on Intel and AMD.
Keep in mind there are specific registry keys just for Intel and just for AMD. So you may need to look to see which ones you need for your environment. For example here to enable the fixes for just for Specter variant 2 and meltdown there’s three registry keys you need to add. If instead you want to add protection for speculative store bypass Spectre 2 and meltdown V3 there is a slightly different set of registry entries you need to add. Now once you’ve set these registry entries you want to check the status of it. Now I’m doing this on a plain vanilla server 2016 where I’ve done not done any mitigation whatsoever right now. And you want to install the module speculative speculation control. This is enabled on Server 2016 and 2019. For older servers you’ll need to go to TechNet and download the script there. You want to install the module on the server. And make sure it’s enabled. Once you’ve set the power shell script policy you want to import the module and then go ahead and run it on your server. And see what the resulting settings are. Again this is on a default. I have not done anything to this server this is a server in HyperV hosted. And you can see that I actually am not fully protected.
Depending on your environment that may be okay. There are some performance hits when you do enable these mitigations. So check with your environment. Check with your own risk level. Check to see if your devices and firewalls at the border to see if they have settings or if they can determine if you’re being attacked by these. And keep in mind that as of right now to the best of my knowledge I have not seen any active in the wild attacks using these speculations side technologies. There is a lot of proof of concepts out there. There’s a lot of information about these kinds of attacks but I’m honestly not seen a true active in the wild attacks using these types of attacks. So if you feel comfortable with not enabling everything because of performance issues. That’s OK that’s the risk and analysis you need to do in your environment. So until next time this is Susan Bradley for CSO Online. Thank you for being an insider.