January 9, 2018

The Meltdown-Spectre Exploits: Lock-down your Servers, Update Cloud Instances

Elad Menahem

The much-publicized critical CPU vulnerabilities published last week by Google’s Project Zero and its partners will have their greatest impact on virtual hosts or those servers where threat actors can gain physical access.

The vulnerabilities, named Meltdown and Spectre, are hardware bugs that can be abused to leak information from one process to another in the underlying processor or the dependent operating system. More specifically, the vulnerability stems from misspeculated execution that allows arbitrary virtual memory reads, bypassing the process isolation of the operating system or processor. Such unauthorized memory reads may reveal sensitive information, such as passwords and encryption keys. These vulnerabilities affect many modern CPUs, including those from Intel, AMD and ARM.

Cato Research Labs analyzed the security impact of the Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) vulnerabilities on Cato Cloud and our customers’ networks. Any measures needed to protect the software or hardware have been taken by Cato.

We highly recommend that Cato customers follow their cloud provider’s guidelines for patching the operating systems running in the virtual machines of their cloud hosts. Most cloud providers have already patched the underlying hypervisors. Specific patching instructions are available from Microsoft Azure, Amazon AWS, and Google Cloud Platform.
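As an added example (not from Cato or the original post), the shell functions below check a Linux guest's kernel-reported mitigation status for the three CVEs named above, which is one way to confirm that guest patching actually took effect. They assume the guest kernel is new enough to expose `/sys/devices/system/cpu/vulnerabilities/`; the function names and status labels are illustrative.

```shell
#!/bin/sh
# Added example: audit a Linux guest for Spectre/Meltdown mitigation status.
# Assumption: the kernel reports status under the sysfs directory below.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE
# Prints MITIGATED, NOT_AFFECTED, VULNERABLE or UNKNOWN for one sysfs file.
classify_status() {
    if [ ! -r "$1" ]; then
        # File absent: the kernel predates the reporting interface,
        # so the guest should be treated as unverified.
        echo UNKNOWN
        return 0
    fi
    line=
    IFS= read -r line < "$1" || true
    case "$line" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# audit_guest [DIR]
# Prints "CVE name state" per issue; returns non-zero if any entry is
# VULNERABLE or UNKNOWN. DIR is overridable so the logic can be tested.
audit_guest() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in "CVE-2017-5753:spectre_v1" \
                "CVE-2017-5715:spectre_v2" \
                "CVE-2017-5754:meltdown"; do
        cve=${pair%%:*}
        name=${pair#*:}
        state=$(classify_status "$dir/$name")
        echo "$cve $name $state"
        case "$state" in
            VULNERABLE|UNKNOWN) rc=1 ;;
        esac
    done
    return $rc
}

# Usage on a guest: audit_guest || echo "guest needs patching or review"
```

This reports only the guest kernel's own view; hypervisor-level patching remains the cloud provider's responsibility, as noted above.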

Additional information about the attacks is available in the Google Project Zero blog. Meltdown was discovered by Jann Horn at Google Project Zero; Werner Haas and Thomas Prescher at Cyberus Technology; and Daniel Gruss, Moritz Lipp, Stefan Mangard, and Michael Schwarz at the Graz University of Technology.

Horn and Lipp were also credited in the discovery of Spectre, along with Paul Kocher in collaboration with (in alphabetical order) Daniel Genkin of the University of Pennsylvania and the University of Maryland, Mike Hamburg from Rambus, and Yuval Yarom from the University of Adelaide and Data61.


Elad Menahem

Elad Menahem is the VP of Research at Cato Networks, driving innovation in cybersecurity and AI within the SASE space. With 20+ years of experience, he has led groundbreaking initiatives in threat research, from the endpoint through the network and the cloud, into big-data research incorporating AI. He began his career in an elite IDF Intelligence Tech Unit and later joined early-stage Trusteer as a researcher. He established some of the company's research foundation before its acquisition by IBM, where he held leadership roles and drove innovation in financial fraud detection and enterprise security. At Cato, Elad innovates in SASE. He leverages his technological and management experience to solve complex challenges and build technologies that transform networking and security.
