FAQ – Meltdown & Spectre
The Meltdown vulnerability is restricted to Intel processors. Spectre, however, affects servers, workstations and mobile systems alike, across operating systems such as Windows, Linux and macOS; it has been shown to work on ARM, Intel and AMD processors.
- Vulnerability: a flaw in a system, or in some software on a system, that could give an attacker a way to bypass the security infrastructure of the host operating system or of the software itself.
- Exploit: the use of one or more vulnerabilities to carry out some form of malicious intent, such as a denial-of-service attack, infiltration or privilege escalation.
- Malware: short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
- Evasion: bypassing an information security device in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.
The software patch that was released, dubbed Kernel Page-Table Isolation (KPTI), mitigates an attacker's ability to read privileged data from operating system memory. However, the patch also has a side effect that may cause a 40% system slowdown.
AV and NGAV cannot defend against the Spectre and Meltdown vulnerabilities themselves, but they may be able to detect and stop malware attempting to exploit them.
Organizations can do the following to protect against Spectre and Meltdown vulnerabilities.
- Patch Systems: Install the Kernel Page-Table Isolation (KPTI) patch on all Windows, Linux and other systems.
- Multi-Layered Security: To complement pre-infection defenses like NGAV, we suggest deploying post-infection protection capabilities, like enSilo's endpoint security agent. enSilo software has full kernel-level visibility on the endpoint and can detect and stop malware threats that utilize the Spectre and Meltdown vulnerabilities in real time.
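Installing the patch is only half of the step: a host should also be checked to confirm the kernel actually has the mitigation active. As an added example (not enSilo's tooling and not part of this FAQ), the script below reads the per-issue status files that Linux 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2, and more on newer kernels) and flags any entry that still reports "Vulnerable"; the VULN_DIR override and the helper names are this example's own assumptions.

```shell
#!/bin/sh
# Added example: report the Linux kernel's self-reported Meltdown/Spectre
# mitigation status. Each file under the sysfs directory holds one line such as
# "Not affected", "Vulnerable" or "Mitigation: PTI" (PTI = KPTI for meltdown).
# VULN_DIR is an assumed override so the check can be pointed at a copied tree.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS -> prints ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "ok" ;;
        "Mitigation:"*)  echo "ok" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_mitigations DIR: one line per issue; returns 0 when every entry is
# "Not affected" or mitigated, 1 when any entry is still Vulnerable, and 2 when
# the directory is missing (pre-4.15 kernel, or not Linux at all).
check_mitigations() {
    dir="$1"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no vulnerability sysfs at $dir (kernel too old or not Linux)"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f" 2>/dev/null)
        verdict=$(classify_status "$status")
        printf '%-22s %-10s %s\n' "$name" "$verdict" "$status"
        [ "$verdict" = "vulnerable" ] && rc=1
    done
    return $rc
}

# Run against the live system; a wrapper can `exit $overall` to feed a scheduler.
overall=0
check_mitigations "$VULN_DIR" || overall=$?
echo "overall status: $overall (0 = ok, 1 = vulnerable, 2 = no data)"
```

An entry such as "Vulnerable: Minimal generic ASM retpoline" is still classified as vulnerable, which is the intended behaviour: the kernel is telling you the mitigation is incomplete.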
enSilo Cloud Infrastructure runs on Google Cloud which has implemented protections to ensure virtual devices running in the Google Infrastructure are not at risk from this vulnerability.