The View From NCS Technologies

Meltdown and Spectre Security Vulnerabilities

Posted by Mike Turicchi on Jan 31, 2018 4:15:41 PM

Earlier this month, NCS was notified about industry-wide security vulnerabilities which affect the Intel-, AMD- and ARM-based products we provide. We are taking action to help our customers address their concerns.

The vulnerability was discovered by researchers using a new side-channel analysis method. This method gathers information by observing the physical behavior of certain processing techniques that are common to normally-operating modern computing platforms. Malicious code using this method and running locally on a normal operating platform could infer data values from memory.

Based on Intel’s current assessment of these exploits, we believe that they do not have the potential to corrupt, modify, or delete data. However, sensitive data may be observed and therefore poses a security risk of that data being stolen and used for malicious purposes.

The side-channel analysis method cannot be enabled remotely. The code must be running locally on a targeted machine for the data to be observed.

Intel and other industry vendors are in the process of updating the microcode for all impacted processors. In some cases, Intel is releasing updates to previously released code which was found to have other, unrelated negative impacts on system performance. NCS recommends all customers test any newly released code prior to deploying the code on production systems. Complete protection from the exploits requires updates to the Operating System as well. Operating System updates are available from the Operating System vendors.

Please contact your NCS representative for any NCS branded equipment which may be impacted for model-specific information.

Additional resources and updates to the status of Meltdown and Spectre are available from the links provided below:

- Intel Advisory (Intel-SA-00088)
- AMD Advisory
- NIST NVD CVE-2017-5715
- NIST NVD CVE-2017-5754
- NIST NVD CVE-2017-5753

Topics: security