In recent weeks, a significant security risk was exposed. This exploit has been named in two fashions: Spectre and Meltdown. We at SSG feel it important to help disclose the severity and impact of these exploits with this formal release.
Unauthorized Memory Disclosure through CPU Side-Channel Attacks
(“Meltdown” and “Spectre”)
Overview
Vulnerabilities exist in multiple modern CPU architectures that could permit an attacker to read the contents of memory.
Affected Products
VMWare, SQL Server, Linux, Windows, everything that uses a processor created in the past 15 years.
Details
Full details of the “Meltdown” and “Spectre” vulnerabilities can be found at the following URLs:
- https://meltdownattack.com/
- https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
Official Releases
- Intel – https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
- AMD – https://www.amd.com/en/corporate/speculative-execution
- ARM – https://developer.arm.com/support/security-update
Due to the gravity of these exploits, we at SSG recommend patching Hosts, Operating Systems and SQL Server with the appropriate patch(es) being released . Some hosted Cloud solutions have already been patched by AWS and Microsoft Azure – but not all as of yet.
SSG is prepared to assist in patching your systems to ensure the proper security and integrity of your data and business. Contact us so we can help you mitigate these exploits as soon as possible.
Email (info@sqlsolutionsgroup.com) us now to schedule one of our consultants to help you secure your servers.
