The vulnerabilities, Meltdown and Spectre, have created a significant security concern around the globe. Listed below are common questions managed service providers (MSPs) and value-added resellers (VARs) may be facing due to these security gaps.
What is Meltdown?
Meltdown is a security gap lying deep within the kernel of Intel processors. Meltdown, allows for programs and applications to communicate with one another through the kernel. Typically, this communication is mitigated by the kernel. However, Meltdown allows for all programs, including low-level applications to access the memory of other programs within the device and their secrets.
What is Spectre?
Spectre is a design flaw within almost all modern processors that are capable of keeping many instructions in flight. This vulnerability breaks the division that is normally between all applications. An attacker can then trick applications that have no vulnerabilities into leaking secret information to the attacker. Spectre is not as easily exploited by cyber criminals as Meltdown is.
Why are Meltdown and Spectre issues?
They leave security gaps that allow hackers to access sensitive information across different applications on a device. This can include various forms of data, or execute malware on different levels of the device.
How do I know if my device or my customer’s device is impacted?
If your device is using an Intel processor, it’s almost certainly impacted by Meltdown as the vulnerabilities date back as far as a decade. Any device with a modern processor is also almost certainly affected by Spectre, as it spans not only Intel and AMD but all modern processors in any device.
How can this be fixed?
There have been several patch releases from companies to mitigate these vulnerabilities, these include but are not limited to: Windows, Linux, Android, iOS, and OS X.
Google has released Android patches for its devices as well as its Android partners, but whether your smartphone gets the patch or not is still up in the air. There is more information here on Android device vendors pushing out the update.
Apple has released patches across all of their devices that are still supported by iOS 11. This dates back to iPhone 5S.
Will all of my customer’s machines be updated?
It’s possible they will not. Microsoft is only releasing the update to devices that either have no third party anti-virus installed, or are using anti-virus software that has set a specific registry key. This is important because, if the registry key has not been set, then this specific update as well as all future Microsoft patches will not be pushed to that device. Microsoft found that there was a small group of anti-virus products that were using their protocols incorrectly and caused blue screen issues after the patch.
How do I know if my anti-virus made the registry key update?
You’re encouraged to reach out to your anti-virus software vendor to inquire if they’ve made the necessary updates. PC Matic Pro, PC Matic MSP, and PC Matic Home have set the registry key, per Microsoft’s request. You can verify that your version of PC Matic is allowing the patch by ensuring you’re on Super Shield version 22.214.171.124.
If my anti-virus provider doesn’t update their registry key, what do I do?
If the AV vendor does not set the registry key, this patch will not be installed as well as all future Microsoft patches. Microsoft does recommend that you give AV vendors some time to get this registry key set as it’s a complex change. We encourage you to reach out to your anti-virus vendor if you’re not getting the patch.
Once updated, will customers experience any issues?
Possibly. Users have reported up to a 30% decrease in device performance. Although this is widely unknown and varying depending on the individual device and operating system. Microsoft believes older operating systems Windows 7 and 8.1 will suffer more than Windows 10.
Other than performance issues, are there additional risks of installing the update?
Yes. AMD Athlon CPUs have been experiencing a BSoD. Since the issues have been reported, the updates have been suspended until a fix can be issued. Azure virtual machines are also experiencing issues getting back online after completing the update. Although, Microsoft has identified this as isolated incidents.
An additional issue has been associated with PCs running the update with more than one AV program installed on the device. This issue is creating a BSoD issue as well. This error is presenting if one of the multiple AV programs is not in compliance with the registry key Microsoft has required. Therefore, even if the primary software is updated with the registry key, and the other is not, the BSoD will occur.
Where is the best place to find all of the information myself or my customers could possibly want on Spectre and Meltdown?
Beware, following this link leads you down a rabbit hole of technical documentation, research papers, code, and general technical talk. Enjoy! https://meltdownattack.com/
How can I demonstrate to concerned customers that their devices have been patched?
If their devices are running Windows 10, you can have them check their Build Info for the operating system. The latest patch that needs to be installed is Build 16299.192 (KB4056892). You can find the link for build info on the right side of the Windows Update screen.
Can I ensure my customers that PC Matic has taken all steps to cooperate with Microsoft and help mitigate vulnerabilities?
Yes. We have been working closely with Microsoft for years and worked quickly to make sure we released an update that not only did not stand in the way of this patch, but mitigated any possible issues that could come with the update. Ensuring continued ‘business as usual’ operation for our customers is critical.
What information should I relay to my customers?
This is another instance where it’s important to keep updating to the latest Windows OS. Windows 10 saw the patch very quickly, and will also see the least performance impact. Older operating systems will be affected negatively in their performance, and even older systems like Windows XP are still waiting on a patch if it will come at all.
You can also relay that PC Matic in all forms was still protecting customers from malware. If there were execution attempts from malware to use this vulnerability, our whitelist and Super Shield would step in and stop that execution. We also made updates to our product to cooperate with Microsoft and allow the patch to be installed as soon as possible while ensuring quality control.