What is Spectre/Meltdown?
Two separate hardware-based exploits have been made public that affect all modern CPU chips, including Intel, AMD and ARM, and operating systems. It is difficult to understate the impact.
This flaw allows attackers to dump the entire memory contents off of a machine/mobile device/PC/cloud server, which could include passwords, SSL keys, etc.
The “Meltdown” flaw is isolated to Intel and has vast potential to malignant actors, while the “Spectre” flaw affects all processors and is more difficult to exploit.
For now patches will be issued, but in the future, hardware design changes will eliminate these in future CPU releases.
How do I protect my systems?
Emergency patches have been or will be released by Microsoft and you will need to apply them to all servers. Hypervisors will also need to be patched. SQL Servers will also need to be patched. Application changes may also be recommended.
How does this affect my Azure SQL Database (PaaS)?
Patches have already been applied by Microsoft.
How does this affect my SQL Server instance?
Aside from hypervisor and OS patches, SQL Server patches will be made available. At this moment, only patches for SQL 2016 and 2017 are available and should be applied as soon as possible.
Additionally, Microsoft is reiterating some code recommendations as an additional step for applications that run on the same Windows Server as a SQL Server instance.
We can help…
Our SQL and database consultants can help your team navigate these security issues. Contact us: http://www.sparkhound.com/contact