Enterprise Response by Ian Pratt About Spectre Meltdown
- The Intel chip vulnerability triggered Spectre and Meltdown – information leakage vulnerabilities.
- Spectre and Meltdown require an attacker to run code on the target system.
- Micro-virtualization can really help mitigate the effects; even when dealing with kernel vulnerabilities.
We asked our founder, Ian Pratt, to talk to us about Spectre, Meltdown and what this means to the industry and to Bromium customers. He also wrote up these notes to accompany the video. This is part two of a three-part series (see part one and part three). We have a blog with information for Bromium customers – the most important thing is to make sure you get the Bromium upgrade before you patch Windows – and we’re here to help if you have additional questions.
Watch: virtualization-based security eliminates risk of phishing links
Fans of virtualization-based security, have little to worry about.
Suppose an attack intended to steal secrets from the OS kernel using Spectre or Meltdown was delivered as a payload in a Word document. If a user opened such a document on a Bromium machine, the document would open within a micro VM, and the attack would execute against the guest kernel. On a Bromium system, the guest kernel contains no real secrets — there’s none of the host’s password hashes or secret keys, so there’s nothing to steal.
Read the entire article here, Enterprise Response by Ian Pratt About Spectre Meltdown
via the fine folks at Bromium