Google recently announced a zero-day vulnerability within its Chrome web browser and released a notification that the vulnerability is actively being exploited in the wild. At this time they have provided very limited technical details on the exact nature of the vulnerability, but reports indicate that, if successfully exploited, it could allow an attacker to remotely run arbitrary code on a PC.

As a result, Tier1Net has executed a script to update all instances of Google Chrome running on Tier1Net managed PCs which are susceptible to this vulnerability.

Regardless, it is highly recommended to verify that your PC’s instance of Google Chrome is running version 72.0.3626.121.

For more information on checking Google Chrome’s version and updating it please click here


Tier1Net would like to share the latest available information on the Spectre and Meltdown vulnerabilities.  First and foremost, it is important to note that there are still no known exploits actively targeting the vulnerabilities.


Firewall Layer

Tier1Net’s preferred firewall vendor, SonicWall, has confirmed it has deployed antivirus and intrusion prevention signatures which will protect against attempted Spectre and Meltdown attacks. These antivirus and IPS updates have already been deployed to Tier1Net’s cloud and customer networks.


Patch Status

Tier1Net is actively tracking the status of patches as they are released. Once patches are released, Tier1Net will evaluate them for stability before releasing them for install. A Tier1Net representative will contact you if it is determined that the installation of a particular patch requires manual intervention or a maintenance window. Tier1Net recommends that its customers take immediate action to update their iPhone and Android devices using the Knowledgebase articles documented below.

To review the status of patches being released please see the following vendor list.

Microsoft

Microsoft has already released patches for the latest version of Windows 10 as well as patches for its web browsers, Internet Explorer and Edge. For older versions of Windows, Microsoft will be releasing patches this week. PCs and servers within Tier1Net managed networks will automatically receive the patches via Tier1Net’s Windows Update service.

PCs not managed by Tier1Net (for example, personal use and home PCs) will automatically receive patches as long as they have been enabled to receive updates via Microsoft’s Windows Update service.  Please see the following for further information on enabling Microsoft’s Windows Update service: https://support.microsoft.com/en-us/help/12373/windows-update-faq

Apple

Apple has released iPhone iOS version 11.2.2 which includes code mitigating the Meltdown and Spectre vulnerabilities.  Tier1Net recommends installing the updates as soon as possible.  Please see the following KB detailing the steps required to update an iPhone’s iOS:  https://tier1net.itglue.com/DOC-1500653-1490177

Google

Google patched Android against Meltdown and Spectre in a January security update.  The specific availability of this update is based on the Android device manufacturer’s approval of the update.  Tier1Net recommends checking for and installing the most recent updates available as soon as possible.  Please see the following KB detailing the steps required to update an Android device:   https://tier1net.itglue.com/DOC-1500653-1490202

Google is also releasing an update for its Chrome web browser in the coming days which will obstruct attempts to exploit the Meltdown and Spectre flaws.  Chrome will automatically install the latest available version when the browser is launched.

Mozilla

Mozilla has released an update for Firefox to mitigate Meltdown and Spectre. The update will be installed automatically when the browser is launched.

VMware

VMware has released patches for its ESX hypervisor to address the Spectre and Meltdown vulnerabilities.  The ESX hypervisor typically operates on server hardware and is responsible for running virtual instances of Windows servers.  Tier1Net is in the process of evaluating these patches and will deploy them to its cloud and customer networks once patch stability has been fully confirmed.


Performance Concerns

There have also been reports of patches negatively impacting a device’s CPU performance once installed. The initial reports may have overstated the impact, and reports on the observed performance impact conflict. Microsoft has warned users of older PCs of a possible performance impact once patches are installed. Regarding servers, any impact to performance is load dependent and may be further reduced by a new discovery made by Google researchers.


Introduction

Details on two security vulnerabilities impacting nearly all modern Operating Systems and Hardware were made public yesterday. New details are still emerging, and many questions remain unanswered. Tier1Net has been evaluating information as it has been released and would like to share its findings with you.

Technical Information

The vulnerabilities have been named Meltdown and Spectre, with Meltdown being the more serious of the two. Based on current public information, Meltdown impacts all devices running Intel CPUs while Spectre impacts nearly all CPUs made in the last 20 years, including Intel and AMD. A successful exploit of either would allow a bad actor or malicious program to read data as it passes from an Operating System to the CPU and back again. This includes passwords and other sensitive data. Spectre is less serious as it is much more difficult to exploit than Meltdown. For further technical information please visit https://meltdownattack.com

Steps Being Taken by Tier1Net

As with all major security vulnerabilities, there are a lot of news headlines sensationalizing the impact. At this time there are no known exploits in the wild. Furthermore, Tier1Net deploys multiple security layers to its own internal and hosted infrastructures as well as to client supported networks to greatly reduce the exploit risk of any single vulnerability.

With that in mind, Tier1Net is still taking all appropriate steps to address these vulnerabilities as quickly as possible.  Microsoft has released several patches via its updating service to mitigate the risk within its Windows Operating Systems while other patches from other vendors are still in development.  In the coming days and weeks Tier1Net will be testing and deploying patches as they become available with the goal of balancing security, vulnerability and stability.

Additional Information:

https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw

A vulnerability in the WiFi WPA2 security protocol which was discovered several months ago was made public earlier today. The vulnerability, named KRACK, impacts the underlying WiFi WPA2 security protocol itself, so all devices that interact with a WiFi network are potentially vulnerable. This includes mobile phones, laptops and IoT devices (e.g., Alexa, Nest, etc). To exploit the vulnerability a 3rd party would need to be within range of the wireless network to which a device is connected. If exploited, the vulnerability would allow a 3rd party to intercept and read traffic originating from a device and potentially inject malicious code into that traffic. However, the 3rd party would NOT be able to read or inject code into any traffic that was sent over an encrypted session such as an HTTPS secured website or a VPN connection. Furthermore, though the vulnerability has been made public, the code needed to exploit it has not been made public, so there is little risk of widespread attacks.

Vendors were alerted to this vulnerability when it was first discovered in August and some have already released patches. Apple and Microsoft devices are much less likely to be exploited due to the way in which they implement the WPA2 protocol. Both have also issued statements that they have already patched the issue within their respective Operating Systems. Google has acknowledged it is aware of the issue but will not have a patch for its Android OS for several weeks. Tier1Net is currently working with its WiFi vendor partners to obtain and deploy patches to Wireless Access Points as they become available.

In the meantime, Tier1Net recommends avoiding public WiFi hotspots unless your respective device is running the latest version of its Operating System with all appropriate security patches installed.  For a full list of vendors and their patch release dates please see: http://www.kb.cert.org/vuls/id/228519

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at HELP@TIER1NET.NET.