Another Intel vulnerability discovered: Hello L1TF!
Did you know security exploits have a lifecycle? Since Intel announced Meltdown and Spectre earlier this year, they have expanded their bug bounty program to support and accelerate the identification of new exploit methods. Through this process they discovered a new derivative of the original vulnerabilities. The new L1 Terminal Fault (L1TF) vulnerability involves a security hole in the CPU's L1 data cache, a small pool of memory within each processor core that helps determine what action it should take next. This type of exploit is similar to its predecessors, and Intel, along with other chipmakers, is impacted.
Intel and other industry partners have not seen any reports of this method being used in real-world exploits.
IT professionals can safeguard systems against potential exploits with mitigations that have already been deployed and are available today. Previously released updates are expected to lower the risk of data exposure for non-virtualized operating systems; virtual machines, however, are more susceptible. Intel suggests additional safeguards for virtual environments, like turning off hyper-threading in some scenarios and enabling specific hypervisor core scheduling features. There are concerns, however, that the performance impact of these fixes will vary. Intel and other industry partners are working towards additional mitigation options.
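On a patched Linux host, the split described above between the operating system's own protection and the extra safeguards for virtual environments can be read from the kernel's status file `/sys/devices/system/cpu/vulnerabilities/l1tf`. The following is an added example, not part of the original article or of the ConnectWise Automate solution; the function name `assess_l1tf` is hypothetical.

```python
from pathlib import Path

SYSFS_L1TF = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def assess_l1tf(status):
    """Return (verdict, findings) for one l1tf status string (None = file absent)."""
    if status is None:
        return "unknown", ["kernel predates L1TF reporting; apply OS updates"]
    status = status.strip()
    if status == "Not affected":
        return "mitigated", []
    findings = []
    host, _, vmx = status.partition("; VMX: ")
    # Non-virtualized protection comes from the OS update (PTE inversion).
    if "PTE Inversion" not in host:
        findings.append("OS mitigation missing; apply OS updates")
    # The VMX part is reported only when KVM/VMX is enabled on the host.
    if vmx:
        flush, _, smt = vmx.partition(", SMT ")
        if flush == "vulnerable":
            findings.append("L1D cache is not flushed before entering guests")
        if smt == "vulnerable":
            findings.append("hyper-threading is on; disable it or use core scheduling")
    return ("at risk" if findings else "mitigated"), findings


if __name__ == "__main__":
    # Read the live status when run on a Linux host; None if the file is absent.
    text = SYSFS_L1TF.read_text() if SYSFS_L1TF.exists() else None
    verdict, findings = assess_l1tf(text)
    print(verdict)
    for finding in findings:
        print(" -", finding)
```

A host that prints "mitigated" with only "Mitigation: PTE Inversion" in the file is covered for non-virtualized use; the hyper-threading finding appears only on hosts that run virtual machines.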
Now, more than ever, it’s important to adhere to security best practices like keeping systems up-to-date through patch management of operating systems and third-party applications. Plus, it’s important to take action to prevent malware. Malwarebytes, one of ConnectWise’s Solution Partners, can help.
ConnectWise Automate® helps by allowing you to:
- Patch Windows operating systems
- Update third-party applications like Google, Apple, Java, Mozilla, and more
- Rely on patch manager to allow administrators to test patches before rolling them into production, reducing the risk of 'bricking' or 'blue screens' for devices that may run into complications with 0-day releases for security events
ConnectWise Automate responds to security events by releasing an L1TF solution to the Solution Center. Our L1TF solution is holistic and includes a script, EDF, and dataview, enabling ConnectWise Automate technicians and admins to easily determine which devices do not have the necessary mitigations applied, like Microsoft's August security rollup. The solution is free to all ConnectWise Automate partners and will be available soon!
Looking for More Patching Resources?
- VMware L1TF patches and fixes are here and here
- Microsoft L1TF patches and fixes are described here
- Red Hat L1TF patches and fixes are here