Security Gap Deemed Meltdown Exposed
Intel has recently reported a major security gap lying deep within the kernel. The kernel lies deep within the operating system, and manages operations between the computer and the hardware. The security gap, deemed Meltdown, allows for programs and applications to communicate with one another through the kernel. Typically, this communication is mitigated by the kernel. However, Meltdown allows for all programs, including low-level applications to access the memory of other programs within the device. Due to this gap, hackers would be able to access various forms of data, or execute malware on different levels of the device.
According to The Verge, the Intel processors impacted dates back up to 10 years. Some of the Windows and Linux devices have been updated; although there is not yet a patch for Windows 10. However, the patch is expected to be released this week. However, not all devices will receive the patch. The update was creating a blue-screen-of-death (BSoD) error on certain devices using particular security programs. Therefore, the update will only be allowed to execute on devices that are using an approved security solution, that updated their registry key. By updating the registry key, the BSoD issues will not arise. PC Matic has updated the registry key, and will allow for the patch to execute.
Although, there are still issues with devices after the patch is installed. Of those that have been patched, users have reportedly experienced a 5-30% decrease in performance. There are also issues with AMD Athlon CPUs. After the update is installed, the PC only displayed the Windows logo and otherwise failed to boot. Now that the issue has been identified, nine Windows 10 updates have been stopped until a fix is available. There is not an estimated release date for these updates at this time; however, it is not expected to take long due to the threat of the security gap associated with the processors.
If your device with AMD Athlon CPUs has already been patched and is now not working, The Register reports,
“Those who have suffered from the putrid patch will therefore need to disable Windows Update as just about the first thing they do. Keeping the machine off networks seems a helpful precaution.”
If you are uncertain if your system has been patched, be sure to check your system for any software updates needed. If a patch is available, it will deploy at the time of the Windows update.
Spectre Vulnerability Impacts All Modern Processors
Although Meltdown is able to be fixed through an update – experts believe Spectre will take decades to rebound from. The vulnerability deemed Spectre, impacts all modern processors found in Windows, Linux, iOS, MacOS, and Android. The security gap is based on the design flaw within the processors. The security patch for Meltdown is supposed to also assist with patching the Spectre gap. Although it has been reported the issue will not be fully resolved until new processor chips hit the market. Security researcher, Paul Kocher, made the following statement to New York Times,
“We’ve really screwed up. There’s been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows you cannot have both.”