About Blog Security+ Training Online Login

How to protect your PC against the serious "Meltdown" CPU security bug

news Jan 04, 2018

** UPDATE 01/11/18 **

We've created a new updated Meltdown article (and video walkthrough) showing how to use PowerShell to verify your Windows 10 machine is protected from the Meltdown and Spectre bug. 


Early this week, TheRegister posted an article revealing a critical memory leaking bug that sent the internet into a frenzy.

The processor bug affects every computing device made in the last 20 years which runs off the Intel processor.

Researchers at Google at various university have already released PoC (Proof-of-Concept) code that demonstrates the Meltdown bug in action.  Some researchers even took to Twitter to post the PoC code. 

For example, well-known security researcher Erik Bosman tweeted his Meltdown PoC yesterday.

Microsoft and Amazon have already reported unplanned downtime to address the bug.

What Does The Meltdown Bug Do?

Every Intel processor created since 1995 is affected by the Meltdown CPU flaw.

The flaw gives an attacker the ability to steal data from privileged memory of a processor. An adversary could exploit the Meltdown vulnerability to steal arbitrary data from a victim process including personal photos, passwords, emails and, in some cases, even personally identifiable data (PII) such as social security numbers.

You can watch Michael Schwarz from meltdownattack.com exploit the Meltdown bug to steal passwords in real-time on Youtube and Twitter

It's pretty scary.

TheRegister published an in-depth, human-understandable explanation of the bug on Tuesday.  If you are interested in how the bug works from a technical level, we strongly suggest that you read write-up.

The other problem is that antivirus programs cannot detect or block this attack; this is explained on the https://meltdownattack.com FAQ page.

Is Meltdown Being Exploiting In The Wild?

On January 3rd 2018, Intel CEO Brian Krzanich, told CNBC that: "We've found no instances of anybody actually executing this exploit". 

He went on to say, "I mean, it's very hard — we can't go out and check every system out there [...] [b]ut when you take a look at the difficulty it is to actually go and execute this exploit — you have to get access to the systems, and then access to the memory and operating system — we're fairly confident, given the checks we've done, that we haven't been able to identify an exploit yet"

Of course Krzanich's remarks doesn't mean the Meltdown bug isn't being exploited in the wild, he simply doesn't think it is feasible given the complexity of the executing the attack.  

Incidentally, in a statement, Intel disagreed that the Meltdown exploits are caused by a bug or flaw and that the issue is unique to Intel; however, independent researchers are coming to a different conclusion.  We'll let you be the judge on this one.

What does this mean to you?  First of all you need to run the latest version of Windows.  Microsoft just released an emergency patch (named KB4056892) for all customers.  The company said:

We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.

If you're running Windows 10 the patch will automatically be pushed and applied to your computer the next time you log in.  If you're running an older version of Windows such as Windows 7 or 8, you'll need to grab the patch manually from the link above.

Microsoft went on to say that the "update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the Reset this PC functionality after installing KB4054022."  So keep this in mind when applying the patch.  If this happens to you, you can follow Microsoft's step-by-step workaround to resolve the CPU spiking issue.

How to Verify Your Computer PC Has The Update

You can confirm your PC is running the patch with a little Powershell trick.

Open up an elevated PowerShell Prompt.  Hit the Windows Key and type:

cmd

Then press Ctrl + Shift + Esc to open an elevate prompt.  This runs the command prompt with administrator rights.

Next type:

powershell

Then type:

Get-HotFix -Id KB4056892

If you get an error that means you don't have the update yet.  We can quickly fix this in Windows 10 by going to your update settings.

Hit the Windows Key again and type:

update

Click "Check for Updates"

And then run it run the check for updates.  It should begin downloading it.  Note the KB number here:

Next it will install it.  It took my computer about 5 minutes to install the update.

When it finishes, click "Restart Now"

Now when the box comes back up we can use the Get-HotFix cmdlet to see if it successfully installed:

Get-HotFix -Id KB4056892

Bam!  You're good to go.

If you have any questions, leave a comment and we'll get to your issue promptly.

Take the Next Step!

Join our FREE mailing list to get FREE Security+ training online. You'll get tons of Security+ videos, braindump PDFs, lab simulations and more.

Yes! I want to subscribe
Close

50% Complete

Let's do this!

Pop in your first name and best email address and we'll send you:

The latest updates on the CompTIA Security+ SY0-501 exam

Proven tips and tricks for passing the exam

Hands on video labs with complete step-by-step walk-throughs

And don't forget to refresh your inbox.  You should see us there in about 3 minutes.