Scope of the vulnerability is wide-ranging

Security MEA in conversation with Dimitris Raekos, General Manager at ESET Middle East about the scope of vulnerabilities that have been exposed by the discovery of Meltware and Spectre flaws in the CPUs.

How would you describe Meltdown and Spectre CPU flaws?
The meltdown and Spectre flaws have affected the majority of microprocessors across the world and the flaws have the potential to expose both software and hardware vulnerabilities that can compromise the entire contents of mobile devices, desktops, entire networks or even cloud.

Although such software and hardware vulnerabilities are not new and the software bugs can be patched by software updates, while hardware bugs can be dealt by updating the firmware. But in this scenario, it is tough to tackle these two vulnerabilities as they are caused by a design flaw in the hardware architecture that can only be fixed by replacing the actual hardware.

What is the extent of damage can these flaws have on users?
The scope of the vulnerability is wide-ranging, affecting everything from the ARM processors commonly used in tablets and smartphones to processors used in supercomputers.

How to protect devices from these CPU security flaws?
The best way to contain the extent of damage is by updating your browser and make sure your internet security or anti-virus such as ESET are also updated and then update your Windows OS to protect against this exploit.

ESET customers should review Knowledgebase article for the important updates. And, In case if you have a cloud-based server or your website is hosted by a hosting provider, it would be advisable to check with your service provider to see what mitigations they have implemented for security from these flaws.

Will it lead to another widespread malware or ransomware attack like WannaCry or NotPetya?
2018 started with an unexpected scenario that couldn’t be easily predicted. With the increase in the number of IoT devices it may not feasible to replace all the CPUs in all devices or even update the firmware that can enable attackers to take the advantage of specific vulnerabilities and create a widespread attack.

How can ESET stop malware that uses Meltdown and Spectre vulnerabilities?
ESET was among the very first security vendors to allow the Microsoft patch against the flaw to be enabled. ESET released Antivirus and Antispyware module update 1533.3 on Wednesday, January 3, 2018, to all customers to ensure compatibility with Microsoft’s updates to the Windows operating systems. ESET is working alongside hardware and software vendors to mitigate the risk posed by the vulnerabilities.

What can users expect now as the vulnerabilities are exposed?
With both hardware and software vendors working towards containing the damage that these two serious vulnerabilities can cause including stealing sensitive and private information such as passwords, photos, perhaps even cryptography certificates.

Luckily, with cooperation between the suppliers of modern operating systems and the hardware vendors responsible for the affected CPUs, the Operating Systems can be patched, and complemented if necessary with additional firmware updates for the hardware. Users should keep in mind that these measures might affect the processing speed of these devices.