Patching firmware, computers, internet of things and more


1 The Spectre of Spectre: Patching firmware, computers, internet of things and more

2 Wayne Small (Sydney, Australia); Catherine Barr (Ontario, Canada)

3 Security learner Thirdtier.net Patchmanagement.org Windowssecrets.com
Expert in paranoia

4 What’s this all about? Spectre Meltdown
Two named Intel based CPU bugs recently discovered

5 Three CVEs
CVE-2017-5715 - aka Spectre, branch target injection
CVE aka Spectre, bounds check bypass
CVE aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read

6 What’s this about? Meltdown allows a local, userland (unprivileged) process to read the contents of any memory mapped to the process. This includes kernel memory, which is why this vulnerability is dangerous. Spectre allows a local, userland (unprivileged) process to read the contents of memory of other processes.

7 What is most at risk? Anything that runs untrusted code on your machine (typically a browser), and anything running in virtualization or clouds.

8 What is most at risk
Domain controllers: at less risk
Cloud servers: most risk
Workstations: most risk
RDS servers: most risk

9 What it means

10 Impacted chips
Spectre – Intel, AMD, ARM, NVIDIA, IBM POWER
Meltdown – Intel, ARM chips
Back to 1995

11 Most at risk Hyperv cloud Virtual vm workstations Read secrets

12 Step one: is your a/v ready?
These patches check if your a/v is ready for this update.
It’s a kernel update – and a/v vendors hook into the kernel for full protection.

13 Patch looks for a reg key
A/v vendors must insert this key (most are at this time). If the key is not there, you need to add these registry keys.

14 List of a/v vendors 9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0

15 If no reg key

16 Easy part – install patches
Apply the updates Microsoft released on 1/3: KB for Windows KB for Windows KB for Windows /Server 2016 KB for Windows KB for Windows 10 RTM (for those running Long Term Servicing Branch)

17 Patches on 7 and 8.1/Server 2008 r2 - Server 2012 R2
Note no updates for 2008 or 2012

18 Side effects us/help/ /windows-os-security-update-block-for-some-amd-based-devices
Issues with AMD devices
Patch pulled/now rereleased for some – not all

19 Not quite done for servers
Need registry keys deployed

20 For everything BUT Hyper-V
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

21 For Hyper-V
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
Must reboot to take effect

22 For Hyper-V
Registry key needed for: Windows Server 2016 Hyper-V hosts that have guests with VM version below 8.0

23 For VMware releases-patches-for-meltdown-and-spectre-bug/
Word out: VMware is recommending not installing BIOS updates at this time

24 If you want to disable on workstations/servers
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
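
Added example, not from the original slides: a PowerShell audit that reads back the values written by the reg add commands on slides 20, 21 and 24 and reports which state a machine is in. The function names and state labels are made up for illustration; only the registry paths, value names and data come from the slides.

```powershell
# Added example (not from the slides). Registry paths, value names and data
# are the ones in the reg add commands on slides 20, 21 and 24.
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$hvKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

# Hypothetical helper name.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Hypothetical function name and state labels.
function Get-MitigationRegistryState {
    param($Override, $Mask, $MinVmVersion)
    # Only the value pairs shown on the slides are interpreted.
    $state = if ($null -eq $Override -or $null -eq $Mask) {
        'NotConfigured'      # neither reg add from slide 20 or 24 has been run
    } elseif ($Override -eq 0 -and $Mask -eq 3) {
        'Enabled'            # slide 20 values
    } elseif ($Override -eq 3 -and $Mask -eq 3) {
        'Disabled'           # slide 24 values
    } else {
        'Unrecognised'       # a combination the slides do not cover
    }
    [pscustomobject]@{
        ComputerName                       = $env:COMPUTERNAME
        FeatureSettingsOverride            = $Override
        FeatureSettingsOverrideMask        = $Mask
        MitigationState                    = $state
        MinVmVersionForCpuBasedMitigations = $MinVmVersion
        HyperVGuestKeySet                  = ($MinVmVersion -eq '1.0')   # slide 21 value
    }
}

$override = Get-RegValue -Path $mmKey -Name 'FeatureSettingsOverride'
$mask     = Get-RegValue -Path $mmKey -Name 'FeatureSettingsOverrideMask'
$minVm    = Get-RegValue -Path $hvKey -Name 'MinVmVersionForCpuBasedMitigations'
Get-MitigationRegistryState -Override $override -Mask $mask -MinVmVersion $minVm
```

This reports registry state only; it does not show whether the Windows update, the reboot or the firmware update covered on the other slides is in place.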

25 Now comes the hard part
Look for firmware updates
The patch is not effective against the Spectre-2 vulnerability without the firmware update

26 Issues thus far
Lenovo has pulled BIOS update
Issues with Dell BIOS updates
VMware says to hold back
Older desktops – no BIOS
HP servers Gen7 or before

27 Do you have a plan to roll out firmware?
Only Surface devices have firmware that comes out on Microsoft Update.
All others come out in various ways.

28 Dell rticle/product-support/self-support-knowledgebase/software-and-downloads/support-for-meltdown-and-spectre

29 Lenovo

30 HP cId=emr_na-hpesbhf03805en_us cId=emr_na-a en_us

31 Vendors impacted Query=FIELD+Reference=584653&SearchOrder=4

32 PowerShell test to prove

33 PowerShell script Better one:

34 SQL Server us/help/ /guidance-for-sql-server

35 Risks of updating
BSODs
AMD machines non-bootable
"Intel has notified manufacturers of quality issues in the initial Broadwell microcode update with instructions to no longer distribute the affected microcode."

36 Risks of updating
Performance hits
Workstations – opening files
RDS servers – will need more hardware/user ratio

37 Microsoft’s reports on perf

38 Risks of not updating Attacks are starting to be seen
Firewall vendors are placing signatures in detection

39 Options
Server 2016 + Hyper-V: can work around without BIOS upgrade
CURRENTLY BEING TESTED
But no PowerShell script confirms install

40 In action

41 Here for you If you need help – thirdtier.net is extra hands/brains
Planning implementing

42 Resources ist-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

43 Resources
Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities speculative-exe
Windows Server Guidance to protect against the speculative execution side-channel vulnerabilities execution-s
Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software updates-released
ADV | Guidance to mitigate speculative execution side-channel vulnerabilities

44 Resources
Public disclosure
SQL Server Guidance to protect against speculative execution side-channel vulnerabilities
Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities
I have not found any evidence of a KB for Exchange Server Guidance.
Client Patch (Windows 10)

45 Resources
Server Patch (Server Core 1709)
Server Patch (Server 2016)
Server Patch (Server 2012R2)
Server Patch (Server 2008R2)

46 What we do
Scholarships
Ransomware prevention kit
Help for IT professionals

47 Securing Office 365 Office 365 is packed with security settings. Where do you begin? Amy will reveal a standard set of settings that she deploys for her clients February 13th Noon Pacific Time

