18 Jan Meltdown and Spectre – The Intel Kernel Memory Leak
The discovery is becoming more and more publicized every day, and at Pegasus, we’re actively monitoring and responding to keep our clients safe.
Essentially, massive security holes have been found in Intel CPU chips, affecting the operating systems of PCs, Macs, and other devices with Intel processors both new and old, as well as cloud providers. This fundamental design flaw is forcing Windows and Linux programmers to redesign the very core of their computer operating systems, known in the tech world as the kernel.
The kernel is a computer program that has complete control over everything in the system. It’s typically the first program that loads when you start up a computer, and it handles everything from data-processing and memory to peripherals like printers, speakers, keyboards, and monitors.
Now, Intel has realized that all CPU chips they’ve produced over the last decade contain a vulnerability that puts Windows and Linux kernels at serious risk. Cybercriminals have the potential to maliciously exploit this flaw, most likely by exposing secured information off of the kernel’s memory, or by easily hacking into other security bugs.
Specific details have been kept under wraps by Intel officials, likely to avoid a situation where they’re providing information that could play into the hands of hackers. Also, they’ve been hard at work to mitigate risks and find ways to fix the problem. Likewise, Microsoft, Linux, and others have been scrambling to apply temporary patches, such as the “Kernel Page Table Isolation.” To put it in simplest terms, they’re basically separating kernel data from the virtual memory space of a processor. However, this is a performance-slowing patch, causing Intel processors to slow down by 5-30 percent. While a system slow-down is frustrating, it pales in comparison to the potential attacks that cybercriminals are accessing.
Nearly as devastating as exploitation are the side-effects of early patches, which have caused some antivirus software and other key programs to break. As always, Pegasus tests security patches and helps clients both weigh their risks and minimize exposure.
Our senior team at Pegasus has been monitoring the situation as a top priority over the past few weeks and will continue until the problem is mitigated. To find out if your company is at risk, or to learn more about the dangers of the Intel kernel memory leak, contact our team today at (610) 444-8256.