Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0121 Two new speculative execution side-channel vulnerabilities announced 22 May 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: CPU Microcode Operating System: Windows UNIX variants (UNIX, Linux, OSX) Mobile Device Virtualisation Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-3640 CVE-2018-3639 Member content until: Thursday, June 21 2018 Reference: ASB-2018.0002.4 OVERVIEW New vulnerabilities have been found in CPU microcode using speculative execution. Continuing from Spectre and Meltdown, Intel has announced Variant 3a and Variant 4 of the side-channel attacks. [1] IMPACT Intel advises: "CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis. 4.3 Medium CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" [1] MITIGATION Intel advises: "Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB. Intel has released Beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. Most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018. The microcode updates will also address Rogue System Register Read (RSRR) – CVE-2018-3640 by ensuring that RDMSR instructions will not speculatively return data under certain conditions. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. No operating system or hypervisor changes are required to support the RDMSR change. It is expected beta microcode updates will be fully production qualified in the coming weeks. Intel recommends end users and systems administrators check with their OEM and system software vendors and apply any available updates as soon as practical." [1] REFERENCES [1] Q2 2018 Speculative Execution Side Channel Update https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWwNl5Yx+lLeg9Ub1AQhTgw/8DGXRdu39MWJKiN8lh+76Zc+ouQKiaTpt uSUfv5biUUCH3kGN5/qGLzHth6nL/rHUE+uwwS0hQQ+lPzoTtgbUp/qAX+G+Jly/ THcWY7JOndGjvVBXafQEigbINRfkZAXZN9VbWDpBxKw1BaNWQPzIKeKDZjCHXcWU 6MFviOM1BYmdEPRdGnFOloofZL12zgMJ4qOf2BUy+iIYe+FeUvlQqbFDwzpYkVAM dFTC/nLB1mCvFNC8YMUjm2KUZKSN+DpDBEx/d1RNCzZ+rzh/S9v4uA5L4YGmKHkW mv1wt1vWDtKd16B1RB4vZ/VyaYR9w/oTkwYtFUFfU829SdA9FA8lDUWqyrATth4X qiAvIB/hKDn084OPoru6OMoMC78AyTc81PkOkx2UM2aqPQDVrKxApAUa261jxJKS QSl035znjOo/xL9bi8VB36DuRRgU+Ca1m/ijZUGPR1AzHmv9b3B2u4qGa/1XAF8W QeYzgp/gVokHYdhqv+T468TQYQY0EcEK/uSMHPs72SG08Us5C9w6sZeUl5ofbA20 AhY/qHwgpsVA6jNrahF6vEaqJBGHzrTX7OVOFU8UHVIhJhqTpv8RJr/qioqDDtRQ suxAGvBuh+OD9NmTlGR1lG4QwhDJ11Q1x0BhZUUULYhqhRogGwL9IVi9HOB/+pFb iA5yaFK5Jsc= =3So6 -----END PGP SIGNATURE-----