Spectre and Meltdown cause trouble worldwide
Currently, reports are accumulating about insecure processors that have been used for years. The two attack scenarios, Meltdown and Spectre exploit these vulnerabilities. Especially explosive: Every operating system on which more than one user is working is affected. Thus the “unprivileged user” is able to read each memory area of the RAM, as long as he can run the software at the system. An attacker can do this by placing malicious code on a website called from a web browser.
How massive the scale really is becomes clear when you realize that the vulnerability “Meltdown” affects every Intel-CPU since the Pentium II in 1997. Furthermore, “Spectre” affects ARM and AMD microprocessors. with similar influence to PCs, laptops, tablets, servers and smartphones. By taking advantage of these gaps, hackers are able to avoid barriers between user program and RAM to extract sensitive data such as passwords.
Cloud solutions are also affected: Office 360 or AWS data can be read by unauthorized users, as they usually are not encrypted in RAM. As long as Microsoft, Amazon and IBM have not patched and restarted their entire clouds, cloud applications should not be used for confidential information.
Greenbone‘s solution is protected
The Greenbone Security Manager is not affected by these vulnerabilities! Our authorization concept and system hardening does not allow users to exploit the proof-of-concept gap. In addition, since JAN 5th 2018 the security feed of our solution identifies unpatched systems and supports the user to quickly recognize and remediate the vulnerabilities.