Spectre and Meltdown IT Security Hardware Bugs Explainer Video and Fix Options with Bryan Hadzik — Network Consulting Services, Inc. - NCSi

Bryan Hadzik, CTO of Network Consulting Services, Inc., gives us his take on Spectre and Meltdown in this 6-minute explainer video and then discusses your options for combating and fixing them using Ivanti software:

Hi everyone, Bryan Hadzik, CTO with NCSI, here to talk about Meltdown and Spectre.

You've probably heard about this in the news. What are Meltdown and Spectre? Well, in the first week of January 2018 some researchers found some hardware flaws in Intel processors. Now, what's unique about them is this is not a software problem. There's a hardware problem that's deep inside the silicon, and so they're gonna be a lot more wide-ranging. It affects lots of different operating systems, lots of different kinds of chips, and really affects everyone, and so we need to dig into what we need to do to resolve this particular problem.

So what is Meltdown, what is Spectre, what do they mean? Well, Meltdown, they named it that because it actually melts the security boundaries between applications, so that one application can potentially steal memory from another, and there's normally a hardware component to that to keep that protected. Spectre is based on something called speculative execution, and it's gonna be a little bit harder to fix over the long term, but it's also more difficult to exploit. So with Meltdown, a good example could be a JavaScript application that could steal password information from your web browser. That's how sensitive this particular vulnerability is and how critical it is to find a fix for it. The speculative execution, like I described, is going to be a lot harder to exploit than Meltdown.

There are no known exploits out today that are actually in the wild, people using this to break into systems. There is some sample code of people demonstrating how to use it, but there are no known wide-ranging exploits. These are gonna be complex to fix over time, and so we need to apply lots of different patches, some to the kernel, some to web browsers, etc. So, as with everything, security in layers.

When it comes to correcting these particular problems, web browsers are kind of the first avenue and things that we can protect. Because of that JavaScript-style vulnerability I described earlier, they should be one of the first things we need to look into fixing. For example, Firefox, in their 57.0.4 release, has applied a patch to help correct some of the issues.
[...] has a fix coming out in January on the 26th, but you can actually go turn something on called site isolation in the meantime to help give you some levels of protection. Internet Explorer and Edge are patched with some Microsoft patches that are out right now.

There's operating system patching you need to worry about as well, be it for macOS or for Windows or iOS, etc. Let's talk about the Microsoft side first. So Microsoft operating systems, that's Windows 7, Windows 8, Windows 8.1, Windows 10, you know, all of the major operating systems, Server 2012, 2012 R2, 2016, etc., they need to have a patch applied to them, and Microsoft released them at the first part of the year.

Now the problem is that they are a kernel-level patch. What Microsoft discovered in testing these patches is certain antivirus manufacturers were making calls against the kernel in an improper way, and so what would happen is it would actually start blue screening the machines. So what Microsoft did was, before this patch gets applied, it actually checks a registry key that the AV manufacturer needs to put in place first, to make sure that they understand the changes that need to be made for these kernel calls. What happens if you go to apply that patch and that registry key is missing? It will simply not apply the patch at all. So if you keep applying it and it keeps saying it's vulnerable and you can't seem to get the patch, check that antivirus registry key.

For example, with Ivanti products, Ivanti uses the Kaspersky antivirus engine. As long as the database definitions are December 28th, 2017 or later, it actually puts that registry key in place. If you use a third-party antivirus, please go check with that antivirus vendor on if you need to apply a patch or a definition to make sure that that's there first before we can apply this kernel patch.

On Macintosh, if you're on macOS 10.13.2 or later, you're protected. On mobile devices, iOS 11.2 is protected, and on Android the January 2018 security patch applies a patch to resolve this particular vulnerability.

So that's kind of the background on it. Let's talk about how Ivanti products can actually help you and protect against this particular vulnerability. Here in my console I have the Ivanti Endpoint Manager product, and this is the patch management component that I'm going to show you. Here under vulnerabilities I've created a custom group for my Meltdown and Spectre. Just go and make sure your patches are getting downloaded, and they'll show up here in the detected vulnerabilities, and then, like I said, I just did a grouping of patches and put them here under Meltdown and Spectre so I can keep track of them.

You can see on the publish date over here on the side most of them came out in the January time frame. You can see we have ones like for Firefox up here at the top, Firefox 57.0.4. Here are the various operating system patches. You can see that there's a standalone security-only update in addition to some monthly roll-ups that include this particular patch.

Now, for those of you that are familiar with patch management, you know it's gonna be pretty easy. You can come in here and you can choose a repair, you can look at the affected computers on who actually needs this particular patch, and then hopefully the end result is you're gonna go in here to auto fix and turn on auto fix, and this gets patched across your organization. So keep tabs on this. There's gonna be more patches that will be added over time as others, you know, for example Chrome, come out with new patches, or as any other operating systems and so forth need to have patches applied to them.

Thanks for watching today. Again, my name is Bryan Hadzik with NCSI. I appreciate you watching today. If you have any questions, my contact information is going to be down below. Please reach out, be more than happy to help you out with it. Thanks for coming.