Mitigating the Microarchitecture Data Sampling vulnerability through SanerNow


    In the May edition of Microsoft Patch Tuesday, Microsoft released several updates to mitigate what is known as Microarchitectural Data Sampling (MDS). These vulnerabilities are a subset of speculative execution side-channel vulnerabilities and were brought to light by Intel. The vulnerabilities are assigned the following CVEs:

    • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
    • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
    • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
    • CVE-2018-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

    In addition to installing the respective updates, Microsoft recommends additional measures to enable protections from the above vulnerabilities. These measures require the creation of certain Windows Registry entries. In this article we describe the steps to fix and mitigate the above vulnerabilities using SanerNow.

    Affected OS:

    All supported Microsoft Windows operating systems

    Solution:

    SanerNow: Vulnerability detection and patching (installing updates and registry changes) of Microarchitectural Data Sampling vulnerabilities can be automated through SanerNow by following a few simple steps:

    1. Log in to the SanerNow platform.

    2. Switch to the account/site-specific view and go to 'VM tool'.

    3. The CVE-2018-12126, CVE-2018-12130, CVE-2018-12127 and CVE-2018-11091 vulnerabilities will be listed in 'Top Vulnerabilities' or 'Recently Discovered Vulnerabilities', as shown in the image below.

    mceclip1.png

     

    4. Search for these vulnerabilities in the VM tool. If you are affected, apply the patch through PM -> Missing Patches.

    5. Select 'Groups/Devices' in the 'Asset Source' section and click 'Apply'.

    6. Select the appropriate patches from the 'Asset' section, as shown in the image below. Please refer to this Microsoft advisory for more information. (You need to select the KB applicable to your respective OS along with the exe being displayed.)

    rempanel.png

    7. Select 'Apply Selected Patches' at the rightmost corner. This will prompt for 'Creating Patching Task'. Fill in 'Task Name' and 'Remediation Schedule' as per your preference and click on 'Apply Selected Patches' as shown below.

    8. A remediation job will be created, which will fix the vulnerability by applying the patch.

    9. Once remediation is done, the Saner agent automatically scans again and uploads the result.
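
    To confirm on an endpoint that the registry part of the remediation landed, the values can be read back locally. The script below is an added example, not part of SanerNow or of the original article; the registry path, value names and accepted data are assumptions taken from the Microsoft support articles listed under References and should be checked there for your OS and CPU.

```powershell
# Added example, read-only: reports the mitigation registry values on the local host.
# Assumption: path, value names and data come from Microsoft's KB4073119/KB4072698
# guidance, not from this article; confirm them for your OS and CPU before relying on it.
$MmPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# FeatureSettingsOverride data documented as enabling the MDS mitigations
# (together with the Spectre, Meltdown, SSBD and L1TF mitigations).
$AcceptedOverride = @{
    72   = 'mitigations enabled, Hyper-Threading left on'
    8264 = 'mitigations enabled, Hyper-Threading disabled'
}
$ExpectedMask = 3

function Get-MdsRegistryState {
    param([string]$RegistryPath = $MmPath)

    # A missing key and a missing value both come back as $null here.
    $props    = Get-ItemProperty -Path $RegistryPath -ErrorAction SilentlyContinue
    $override = $props.FeatureSettingsOverride
    $mask     = $props.FeatureSettingsOverrideMask

    if ($null -eq $override -or $null -eq $mask) {
        $status = 'NotConfigured'
        $detail = 'One or both values are absent; the OS default policy applies.'
    }
    elseif (([int]$mask -ne $ExpectedMask) -or
            (-not $AcceptedOverride.ContainsKey([int]$override))) {
        $status = 'Mismatch'
        $detail = 'Values are set but do not match the documented MDS settings.'
    }
    else {
        $status = 'Configured'
        $detail = $AcceptedOverride[[int]$override]
    }

    # One object per host so results can be collected and compared centrally.
    [pscustomobject]@{
        ComputerName                = $env:COMPUTERNAME
        FeatureSettingsOverride     = $override
        FeatureSettingsOverrideMask = $mask
        Status                      = $status
        Detail                      = $detail
    }
}

Get-MdsRegistryState | Format-List
```

    A 'Configured' result covers only the registry settings; the OS update and any CPU microcode update still have to be installed, and the registry change takes effect after a restart.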


    Note: The above CVEs are also applicable to systems using Apple Mac OS X and can be mitigated in a similar way as above using SanerNow.

    References:

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013

    https://support.microsoft.com/en-in/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

    https://support.microsoft.com/en-in/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot

     

     
