Researchers Warn of Huge Security Flaw Affecting Most Computers Built in Last 20 Years

New Year, new security vulnerability. And this may be one of the worst ever.

Do you have a computer? Then you’re likely susceptible to new flaws exposed this week. They’re known as “Meltdown” and “Spectre,” and are equal-opportunity attackers: they can hit Windows, Linux and Mac computers.

That means not only on-premises data centers are exposed, but cloud-based servers too. Yes, your cloud data is potentially at risk as well, since the flaw is in Intel and ARM chips, and maybe AMD chips as well (see below).

A website set up by security researchers to provide answers to the public says that almost every computer is vulnerable: “…every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011.”

So basically, every computer. Whether or not AMD CPUs are at risk remains an open question, with disagreements even in the security community. The flaws were discovered by researchers at Google’s Project Zero.

Meltdown works by breaking down security barriers, collapsing the fundamental isolation between user applications and the operating system. Spectre, for its part, essentially fools programs into releasing private data that would otherwise remain private.

All the companies involved, including Intel, ARM, Microsoft and Linux, have issued patches. One story on The Hacker News site states that fixing the problem could cause a new issue, however: a slowdown of CPU speed by anywhere from 5% to 30%.

According to The Verge, Microsoft and developers in the Linux community are closing the vulnerability by separating the kernel’s memory from user processes via a method known as “Kernel Page Table Isolation.”

There’s no reliable data yet on whether the flaws are appearing in the wild, but that is surely coming. And it gets back to the most basic of security concepts, one that even in 2018 continues to be ignored by shockingly large numbers of individuals and businesses: patch your systems, and make sure they’re up to date.
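
One way to confirm on a Linux host that the patches described above are actually in effect, as an added example that is not part of the original article: the script reads the kernel's per-vulnerability status files, assuming a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/` (mainline 4.15 and later, plus vendor backports). The function names and the `--live` flag are this example's own.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on Linux.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities/.

# Map one sysfs status line to: not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;   # e.g. "Mitigation: PTI" when KPTI is on
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Check the three issues from the January 2018 disclosure.
# $1 = directory to read (defaults to the live sysfs path).
# Returns 0 only if every entry is "not_affected" or "mitigated".
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        line=""
        if [ -r "$dir/$name" ]; then
            IFS= read -r line < "$dir/$name" || true
            verdict=$(classify_status "$line")
        else
            # No status file: the kernel does not report here, so the
            # mitigation state is unverified and counts as a failure.
            line="(no sysfs entry)"
            verdict=unknown
        fi
        printf '%-11s %-12s %s\n' "$name" "$verdict" "$line"
        case "$verdict" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return "$rc"
}

# Query the live system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_cpu_vulns
fi
```

The non-zero return on any `vulnerable` or `unknown` entry lets the check drop into a fleet compliance job or a configuration-management fact without parsing its output.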