Meltdown, Spectre Patch Management Process: 88% Frustration
The complexity and challenges associated with the Spectre and Meltdown security vulnerability patches are leading many organizations to delay patch rollouts, according to a survey conducted by endpoint protection solutions provider Barkly.
Key findings from the Barkly survey included:
- 88 percent of organizations expressed frustration with the Meltdown and Spectre patching process.
- 80 percent said they found the Meltdown and Spectre patching process to be unclear.
- 72 percent plan to slow future patch rollouts.
- 50 percent lack a strategy for securing endpoints that are waiting to be patched.
- 22 percent do not plan to apply patches in all cases where they anticipate that patches will have a significant impact on an organization’s performance.
Intel first commented on Meltdown and Spectre in January 2018, but the initial Meltdown and Spectre patches led to a higher number of system reboots after end users applied firmware updates. The company later identified the source of the issues and offered recommendations to help organizations address the faulty patches.
In addition, Microsoft this month advised Windows users to update their device software and firmware to address Meltdown and Spectre. The company also added software coverage for x86 editions of Windows 10 and released Intel microcode updates for some Skylake devices running Windows 10 via the Microsoft Update Catalog.
What Tools Are Available to Manage Meltdown and Spectre Patches?
Microsoft provides a PowerShell script that system administrators can run to test Meltdown and Spectre mitigations, Barkly said. Furthermore, Microsoft’s free Windows Analytics service offers capabilities designed to help system administrators track and manage the Meltdown and Spectre patching process.
For Linux users, Spectre & Meltdown Checker is now available. This shell script enables users to find out whether Linux kernel installations are still vulnerable to Meltdown and Spectre after applying patches, according to Barkly.
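As an added example (not the Spectre & Meltdown Checker script, and not Microsoft's PowerShell script), the following shell functions summarize the mitigation status that patched Linux kernels report about themselves under `/sys/devices/system/cpu/vulnerabilities`. The function names are hypothetical, and the example assumes a kernel recent enough to expose that directory.

```shell
#!/bin/sh
# Added example: summarise the running kernel's own mitigation report.
# Each file in this sysfs directory is named after one issue (for example
# meltdown, spectre_v1, spectre_v2) and holds a single status line.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status (hypothetical helper): map a status line to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;   # empty or unrecognised text
    esac
}

# report_mitigations [dir] (hypothetical helper)
# Prints "<issue>: <verdict> (<kernel text>)" per file.
# Returns 0 when every entry is OK or MITIGATED, 1 when any entry is
# VULNERABLE or UNKNOWN, 2 when the directory does not exist.
report_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    if [ ! -d "$dir" ]; then
        echo "no mitigation report at $dir" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f" 2>/dev/null) || status=""
        class=$(classify_status "$status")
        echo "${f##*/}: $class ($status)"
        case "$class" in
            VULNERABLE|UNKNOWN) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run against the live system (or a directory given as the first argument).
report_mitigations "$@" || echo "follow-up needed (exit status $?)"
```

An exit status of 2 means the kernel does not expose the report at all, which says nothing about whether the host is patched; treat such endpoints as unverified rather than safe.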
Intel Redesigns Processors to Protect Against Spectre Variants
Intel has redesigned some of its processor components to protect against Spectre Variants 2 and 3, CEO Brian Krzanich said in a prepared statement. Meanwhile, Spectre Variant 1 and Meltdown will continue to be addressed via software updates.
Going forward, Intel processors will use “partitioning” that provides protective walls between applications and user privilege levels, Krzanich stated.
The Intel processor changes will be incorporated into the company’s Xeon Scalable processors and Core processors, Krzanich indicated. These processors are expected to ship in the second half of 2018.