Overview of Meltdown and Spectre for CWRU

Reports appeared in the first week of January of two security hazards, called “Meltdown” and “Spectre,” caused by vulnerabilities in microprocessors. This is a report from UTech summarizing the basic issues and answering key questions for the CWRU community.

Meltdown and Spectre are processor-based hardware vulnerabilities that expose systems and private data to theft and exploitation. Because the risks are caused by the chips that run technology used by most people, CWRU is at potential risk.

Summaries

A good roundup of the topic can be found here:

https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-processor-cpu-chip-flaw-vulnerability-faq/

For a more in-depth but still accessible discussion, please view:

https://ds9a.nl/articles/posts/spectre-meltdown/

Questions and Answers

Q: Am I affected?

A: Yes, everyone at the university is potentially affected.

Q: Which systems are affected by Meltdown?

A: Desktop, laptop, and cloud computers may be affected by Meltdown.

Q: Which systems are affected by Spectre?

A: Almost every system is affected by Spectre: desktops, laptops, cloud servers and smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable.

Q: What sort of information or data can be leaked?

A: Technically anything in system memory could be leaked, including passwords and sensitive data stored on the system.

Q: Can antivirus tools detect and/or block Meltdown or Spectre?

A: Not at this time. Meltdown and Spectre are vulnerabilities, not malware; antivirus protection will therefore need to wait until malware binaries become known.

Q: Are there patches available?

A: Some are available through official channels for Meltdown, and even fewer for Spectre.

Q: What does UTech recommend?

A: Apply patches immediately upon release. Enable auto updates if not already enabled.

Q: Will UTech provide more updates going forward?

A: Yes. If you have questions, please contact the [U]Tech Service Desk at 216.368.HELP / help@case.edu.