What you need to know about Intel processor design flaw
The IT world is racing to patch its systems after two major vulnerabilities in Intel, ARM and AMD processing chips were announced – affecting almost all computers and systems made in the past two decades. Possibly more.
These two vulnerabilities – dubbed Spectre and Meltdown – allow unauthorised access to your device’s data. They have forced a significant redesign of the Linux and Windows kernels to reduce the impact of the bug.
The impact on IT
These CPU vulnerabilities (Spectre and Meltdown) can allow attackers access to your OS’s kernel memory, which can then be exploited to access sensitive data. The fundamental design flaw in Intel’s processor chips means that PCs and Macs will need new patches to mitigate the flaw, and with them the risk of a performance penalty (reported to be 5 to 30% overhead).
According to Google, virtually every Intel processor released since 1995 is vulnerable. It will be releasing a Chrome version with a patch on 23 January. Microsoft has already released an emergency Windows 10 patch.
What you can do about the Intel processor design flaw
- Be ready for Patch Tuesday from Microsoft, and check your Linux distributions. This will introduce a performance hit on your systems of 5-30%. Your mileage may vary, so test production systems carefully under load.
- Plan for priority systems: Internet-facing, DMZ, critical services.
- Assess risk and prioritise patching.
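For the Linux part of the first item, one way to check whether a host's running kernel reports the Meltdown and Spectre mitigations as active. This is an added example, not part of the original post; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities` (mainline 4.15 and distribution backports), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: read the kernel's own Meltdown/Spectre status report.
# Assumption: the kernel exposes the sysfs directory below; kernels
# without the reporting interface do not have it at all.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE -> prints ok | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_host [DIR] -> one line per issue; returns 0 if every entry is
# ok or mitigated, 1 if any is vulnerable or unknown, 2 if DIR is missing.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "unknown: $dir missing, kernel has no mitigation reporting"
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        f="$dir/$name"
        if [ -r "$f" ]; then
            status=$(cat "$f")
        else
            status=""
        fi
        verdict=$(classify_status "$status")
        printf '%-11s %-10s %s\n' "$name" "$verdict" "${status:-<no entry>}"
        case "$verdict" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_host
    exit $?
fi
```

The non-zero exit codes make it easy to run across a fleet and sort hosts into the patching priority groups listed above.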
Get in touch with Dimension Data’s Cybersecurity Advisory, formerly Security Architecture Assessment & Security Architecture Consulting Service. We assess your IT framework for a secure posture, which is then tested against control points, one of which is patch management ability.
Vulnerabilities abound – especially if your systems are out of date
The past few years saw unusually high activity for new vulnerabilities, so 2016 appears to be more of a correction to the normal pace of vulnerability exposure, combined with vendors implementing more secure development lifecycle practices. There has been no major vulnerability announcement with far-reaching repercussions akin to Heartbleed or Shellshock since 2014. In fact, the majority of clients have now patched these vulnerabilities, so we’re seeing a tapering off in the discovery of what were some very widespread vulnerabilities.
- 47% of vulnerabilities are more than 3 years old
- 53% of vulnerabilities were disclosed within the past 3 years
- 8% more than 10 years old
- Discovered vulnerabilities as old as 17 years, still prevalent in our environment
- Four industries account for 79% of all vulnerabilities across our client base: Technology (34%), Business/Professional Services (21%), Retail (14%), Finance (10%)
- Overall 6% reduction in the number of vulnerabilities recorded across our client base year on year.
Organisations are adopting more robust patch management strategies coupled with periodic assessments, but significant improvement is still required to meet compliance requirements and industry best practices. This will play an important role as organisations begin rolling out new devices and technologies to accelerate their digital business. This is where Dimension Data can play a key role, using our consulting capability in security architecture assessments, assessment services in penetration testing, vulnerability assessment, and vulnerability management solutions.
Our top recommendations
- Plan for priority systems: Internet-facing systems, DMZ and platforms with critical services (assess risk and prioritise patching; all systems will finally need to be patched)
- Test application and loading of systems with new patches
- Patch hypervisors
- Patch operating systems
- Minimise administrative privileges
Find out more about Dimension Data’s cybersecurity solutions and services, and start preparing for a predictive cybersecurity strategy.