Year 2018 started a bit
crazy when it comes to computer security. Security researches published a huge
security vulnerabilities related to CPUs – computer’s microprocessors.
If you remember year 2015 and
a bug called Heartbleed
that was almost nothing comparing to these two. The two are considered as "catastrophic"
by security analysts. In short the Meltdown
allows a rogue process to read any kernel memory, also in case the process is
not authorized to do so. The Spectre
is abusing a branch prediction of microprocessor’s cache that affects microprocessors
with speculative execution. This involves cashed data which may be read/modified
by tricking the accept requests.
One of the issues related
to these vulnerabilities is that the Spectre is not easy to be fixed. Also while
employing the fixes it is causing CPU’s performance degradation.
The vulnerabilities are affecting
wide variety of devices - almost every device using microprocessors especially
made by Intel, ARM, possibly also AMD. As SAP systems are running on these processors
as well the SAP is paying an attention to the vulnerabilities. There are
special SAP Notes (see below) prepared and being updated that advise customers
on what to do.
More information:
2585591 - How to
protect against speculative execution vulnerabilities on Windows?
2586312 - Linux:
How to protect against speculative execution vulnerabilities?
No comments:
Post a Comment