
The "Meltdown" Story: How A Researcher Discovered The "Worst" Flaw In Intel History 

By: Decomposed in POPE IV | Recommend this post (1)
Sat, 06 Jan 18 10:08 PM | 97 view(s)

I just finished checking my network and, sure enough, every one of the PCs (running Windows Server 2012 R2) has the SPECTRE vulnerability. Your home PCs probably have it too.

If any of you are interested, the guidance given for its "solution" is as follows:


The remote Windows host is missing security update 4056898.
It is, therefore, affected by multiple vulnerabilities :

- A vulnerability exists within microprocessors utilizing
speculative execution and indirect branch prediction,
which may allow an attacker with local user access to
disclose information via a side-channel analysis.
(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

- An elevation of privilege vulnerability exists in
Windows Adobe Type Manager Font Driver (ATMFD.dll) when
it fails to properly handle objects in memory. An
attacker who successfully exploited this vulnerability
could execute arbitrary code and take control of an
affected system. An attacker could then install
programs; view, change, or delete data; or create new
accounts with full user rights. (CVE-2018-0788 )

- An elevation of privilege vulnerability exists when the
Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change,
or delete data; or create new accounts with full user
rights. (CVE-2018-0744)

- An information disclosure vulnerability exists in the
Windows kernel that could allow an attacker to retrieve
information that could lead to a Kernel Address Space
Layout Randomization (ASLR) bypass. An attacker who
successfully exploited the vulnerability could retrieve
the memory address of a kernel object. (CVE-2018-0746,
CVE-2018-0747)

- An information disclosure vulnerability exists in
Windows Adobe Type Manager Font Driver (ATMFD.dll) when
it fails to properly handle objects in memory. An
attacker who successfully exploited this vulnerability
could potentially read data that was not intended to be
disclosed. Note that this vulnerability would not allow
an attacker to execute code or to elevate their user
rights directly, but it could be used to obtain
information that could be used to try to further
compromise the affected system. (CVE-2018-0754)

- A remote code execution vulnerability exists in the way
the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An
attacker who successfully exploited the vulnerability
could gain the same user rights as the current user.
(CVE-2018-0762, CVE-2018-0772)

- An elevation of privilege vulnerability exists in the
way that the Windows Kernel API enforces permissions. An
attacker who successfully exploited the vulnerability
could impersonate processes, interject cross-process
communication, or interrupt system functionality.
(CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)

- An elevation of privilege vulnerability exists in the
Microsoft Server Message Block (SMB) Server when an
attacker with valid credentials attempts to open a
specially crafted file over the SMB protocol on the same
machine. An attacker who successfully exploited this
vulnerability could bypass certain security checks in
the operating system. (CVE-2018-0749)

- A denial of service vulnerability exists in the way that
Windows handles objects in memory. An attacker who
successfully exploited the vulnerability could cause a
target system to stop responding. Note that the denial
of service condition would not allow an attacker to
execute code or to elevate user privileges. However, the
denial of service condition could prevent authorized
users from using system resources. The security update
addresses the vulnerability by correcting how Windows
handles objects in memory. (CVE-2018-0753)

Apply Security Only update KB4056898.

http://www.nessus.org/u?86127709

The remote host is missing one of the following rollup KBs :
- 4056898
 

January 5, 2018

The "Meltdown" Story: How A Researcher Discovered The "Worst" Flaw In Intel History

by Tyler Durden
ZeroHedge.com

Daniel Gruss didn't sleep much the night he hacked his own computer and exposed a flaw in most of the chips made in the past two decades by hardware giant Intel, something we discussed in "Why The Implications Of The Intel "Bug" Are Staggering." And as Reuters describes in fascinating detail, the 31-year-old information security researcher and post-doctoral fellow at Austria's Graz Technical University had just breached the inner sanctum of his computer's CPU and stolen secrets from it.

Until that moment, Gruss and colleagues Moritz Lipp and Michael Schwarz had thought such an attack on the processor's 'kernel' memory, which is meant to be inaccessible to users, was only theoretically possible.

"When I saw my private website addresses from Firefox being dumped by the tool I wrote, I was really shocked," Gruss told Reuters in an email interview, describing how he had unlocked personal data that should be secured.
Gruss, Lipp and Schwarz, working from their homes on a weekend in early December, messaged each other furiously to verify the result.

"We sat for hours in disbelief until we eliminated any possibility that this result was wrong," said Gruss, whose mind kept racing even after powering down his computer, so he barely caught a wink of sleep.

Gruss and his colleagues had just confirmed the existence of what he regards as "one of the worst CPU bugs ever found".

The flaw, now named Meltdown, was revealed on Wednesday and affects most processors manufactured by Intel since 1995.

Separately, a second defect called Spectre has been found that also exposes core memory in most computers and mobile devices running on chips made by Intel, Advanced Micro Devices and ARM Holdings, a unit of Japan's Softbank.

Both would enable a hacker to access secret passwords or photos from desktops, laptops, cloud servers or smartphones. It's not known whether criminals have been able to carry out such attacks as neither Meltdown nor Spectre leave any traces in log files.

Intel says it has started providing software and firmware updates to mitigate the security issues. ARM has also said it was working with AMD and Intel on security fixes.

Finding a Fix

The discovery was originally reported by online tech journal The Register. As a result of that report, research on the defect was published a week earlier than the manufacturers had planned, before some had time to work out a complete fix.

The Graz team had already been working on a tool to defend against attempts to steal secrets from kernel memory.

In a paper presented last June they called it KAISER, or Kernel Address Isolation to have Side-channels Effectively Removed.

As the name suggests, KAISER seeks to defend the kernel memory from a so-called side-channel attack that exploits a design feature of modern processors that increases their speed.

This involves processors executing tasks "out-of-order", and not in the sequence received. If the CPU makes the right speculative call, time is saved. Get it wrong and the out-of-order task is cancelled and no time is lost.

Researcher Anders Fogh wrote in a subsequent blog that it might be possible to abuse so-called speculative execution in order to read kernel memory. He was not able to do so in practice, however.

Responsible Disclosure

Only after the December self-hacking episode did the significance of the Graz team's earlier work become clear. It turned out that the KAISER tool presented an effective defense against Meltdown. The team quickly got in touch with Intel and learned that other researchers - inspired in part by Fogh's blog - had made similar discoveries.

They were working under so-called responsible disclosure, where researchers inform affected companies of their findings to give them time to prepare 'patches' to repair flaws they have exposed.

The key players were independent researcher Paul Kocher and the team at a company called Cyberus Technology, said Gruss, while Jann Horn at Google Project Zero came to similar conclusions independently.

"We merged our efforts in mid-December with the team around Paul Kocher and the people from Cyberus Technology to work on two solid publications on Meltdown and Spectre," said Gruss.

Gruss had not even been aware of the work Horn was doing.

"Jann Horn developed all of this independently - that's incredibly impressive," he said. "We developed very similar attacks, but we were a team of 10 researchers."

The wider team said patches for Meltdown, based on KAISER, had been readied for Microsoft and Apple operating systems, as well as for the Linux open-source system.

There is as yet no fix for Spectre, which tricks programmes into leaking their secrets but is viewed as a harder exploit for a hacker to carry out.

Asked which of the two flaws posed the greater challenge, Gruss said: "The immediate problem is Meltdown. After that it is going to be Spectre. Spectre is more difficult to exploit but also to mitigate. So in the long run I'd bet on Spectre."

http://www.zerohedge.com/news/2018-01-05/meltdown-story-how-researcher-discovered-worst-flaw-intel-history
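For anyone who wants to repeat the check described at the top of this post, here is an added example (not from the original post, the scanner vendor, or Microsoft) of verifying from PowerShell that the Security Only update KB4056898 named in the Nessus finding is present on a set of Windows Server 2012 R2 hosts, and that the speculative-execution mitigations it ships are actually switched on. The host list is a constructed placeholder; the registry values and the SpeculationControl module are Microsoft's published mechanism for the January 2018 updates, and the script assumes an elevated session with remote WMI access to the listed servers.

```powershell
# Added example, not part of the original post. Assumes an elevated session,
# WMI access to the listed hosts, and Windows Server 2012 R2 targets.

$Kb = 'KB4056898'                         # the update named in the scan finding
$Servers = @('srv01', 'srv02', 'srv03')   # constructed placeholder host names

function Test-KbInstalled {
    param([string]$ComputerName, [string]$KbId)
    # Get-HotFix reads Win32_QuickFixEngineering; an absent KB returns nothing.
    $hf = Get-HotFix -Id $KbId -ComputerName $ComputerName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer    = $ComputerName
        KB          = $KbId
        Installed   = [bool]$hf
        InstalledOn = if ($hf) { $hf.InstalledOn } else { $null }
    }
}

# 1. Which servers still lack the update (what the scanner reported)?
$Servers | ForEach-Object { Test-KbInstalled -ComputerName $_ -KbId $Kb } |
    Format-Table -AutoSize

# 2. On Server SKUs the January 2018 update installs the Meltdown/Spectre
#    mitigations DISABLED. They are enabled by these two values; a patched
#    server without them still shows as vulnerable to a runtime check.
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$p  = Get-ItemProperty -Path $mm -ErrorAction SilentlyContinue
"FeatureSettingsOverride     = $($p.FeatureSettingsOverride)     (expected 0)"
"FeatureSettingsOverrideMask = $($p.FeatureSettingsOverrideMask) (expected 3)"

# 3. Ask the kernel what is really active on this host. This needs both the
#    OS update and, for the branch-target (Spectre variant 2) part, a microcode
#    update from the hardware vendor, so "patched" and "mitigated" can differ.
Install-Module -Name SpeculationControl -Scope CurrentUser -Force
Get-SpeculationControlSettings
```

Run step 1 across the fleet to get the same list the scanner produced, then steps 2 and 3 on each patched server: the point a practitioner tends to miss is that on Windows Server the update alone does nothing until the registry opt-in is set and the firmware has been updated, and Get-SpeculationControlSettings is the only one of the three that reports the end state rather than the presence of a package.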
