Problem?
Intel processors vulnerability. Process sensitive data dangerous
Yes! Unfortunately serious one. Data which is stored in processor cache memory can be known by user. This is Intel processors vulnerability. Process sensitive data dangerous is high.
Why so serious?
Example 1. Let’s imagine that you have disk encrypted in your personal computer. System process need to know disk password to operate on the disk. That’s fine. This password can be stolen from processor cache by local user. There is problem with isolation between system processes and user layer.
Example 2. You work with virtualized or cloud environment. One server hosts more that only one operating system. Host processor work on systems processes simultaneously and store data in cache. All those information can be dumped. If you’re on cloud, in some cases someone else can stole other user information.
Attack Methods
There are two attack method mentioned:
– Meltdown where all processor cache data can be dumped. Intel processors are susceptible.
– Spectre. In this case other process data can be stolen. What is important Spectre work on Intel, AMD and ARM processors so also mobile devices are affected.
Real world affect
Intel issued a statement. They inform that problem can be solved only by perform a patching with proper update. Microsoft patch will be available on 9th of January 2018. Unfortunately the problem is performance because some developers who already tested MS patch reports that software isolation between system processes and user layer costs some computing resources. Estimation is between few and even more than 60%.
AWS and Azure sent information to customers that patching action will be performed and some downtime is needed. See AWS and Azure messages.
Conclusion
Problem is real. Nobody knows what will exactly happen in their environment after patching when performance can be poor. What about decision to do not install the patch? What is real security impact? Those and more questions are in IT profs heads. I hope that real impact will be less that expectations.
What is interesting: Intel CEO sold a lot of Intel stock in the end of 2017.
