Spectre & Meltdown vulnerability patch repair security tips
The Spectre/Meltdown story seems to have entered its second stage: various vendors have released their own fixes. However, the rollout has not been as smooth as imagined. The industrial control system vendor Wonderware said that the Meltdown patch affected the stability of the industrial control system, while SolarWinds found that the patch caused CPU usage to soar.
Meltdown patch causes industrial control system crash
The Meltdown patch affects the stability of the industrial control system.
Wonderware, an industrial control system vendor, admitted that Redmond's Meltdown patch made its Historian product unstable. A statement on the Wonderware support website said: "Microsoft's upgrade of KB4056896 causes the Wonderware Historian to be unstable and the DA/OI server cannot be accessed through SMC."
Wonderware revealed that related patches have caused problems in Studio 5000, FactoryTalk View SE and RSLinx Classic, which are widely used in manufacturing. Kevin Beaumont, administrator of network security vulnerabilities, said: "This may be due to changes in RPC [Remote Procedure Call]."
The Spectre/Meltdown patch has a significant impact on the AWS infrastructure of SolarWinds.
After the Spectre/Meltdown patch was installed on its Amazon Web Services infrastructure, SolarWinds found that host performance was seriously degraded.
After an Amazon PV instance was restarted, CPU usage soared to about 25%, which is quite different from its level before patching.
The company also monitored the performance of its EC2 instances and noted that Amazon was launching crash patches.
The company also observed changes in the performance of its EC2 instances. The good news is that the problem improved after Amazon released patches.
"AWS can use the Meltdown patch to fix HVM instances without restarting them. From what we have observed, these patches start to run at UTC on January 1, January 4, and are completed at around UTC on the EC2 HVM instance of us-east-1."
In general, the data packet rate of the Kafka cluster fell by 40%, while the CPU usage of Cassandra rose by 25%.
After Amazon deployed the patches, CPU usage decreased. The company released an update on March 13, January 12, 2018.
"As of this morning, we have noticed that our instance CPU usage has been reduced by one step. It is unclear whether there are other patches, but the CPU level seems to be restoring to the patch level before HVM," the company said.
Beware of fake patches
The Meltdown and Spectre vulnerabilities have also attracted the attention of hackers. Soon after the vulnerabilities were disclosed, hackers began to use them in phishing attacks.
Malwarebytes reported that hackers are using the SmokeLoader malware to attack users.
The malware arrived in an email disguised as coming from the German Federal Information Security Office. Malwarebytes also found a domain name. These domain names and emails have nothing to do with the German Federal Information Security Office. Hackers impersonate the agency to trick users into installing malware.
Once the user downloads and runs the file, SmokeLoader is executed, and it can download and run other payloads. The researchers found that it connects to multiple domain names and sends encrypted information.
Hackers often use topical events to spread malware, so readers are reminded to download patches from official channels.
* Reference source: The Register; author: sphister; reprinted from FreeBuf.COM with attribution.