[Imported] Anyone played with the latest Windows patches yet for Spectre/Meltdown?


[Imported] Anyone played with the latest Windows patches yet for Spectre/Meltdown?

>>Message imported from previous forum - Category:ClearSCADA Software<<
User: florian, originally posted: 2018-10-24 18:26:36 Id:190
This is a re-posting from the obsoleted (October 2018) "Schneider Electric Telemetry & SCADA" forum.


**_Whilst the ClearSCADA product team are yet to release the monthly tested patch list, has anyone tried the patches and set the required Registry settings on a loaded test/dev/offline system to see what the impact is?_**

**_The Internet suggests disk and network system calls could be the big areas impacted, which depending on how you use your system could be significant on your setup and why checking on a loaded test system is probably worth it._**

**_Unfortunately I don't have any suitable loaded test system that I can play with so I'm really curious what others have seen in terms of CPU usage and any possible impact to user experience.Or, has anyone done a risk assessment and decided that the patch is needed now rather than wait? If so, how'd it go?_**


I'm not sure on your opinion of this Adam, but my opinion is that the actual risk of a truly meaningful exploit from Spectre / Meltdown is incredibly small.

With arbitrary code execution, then yes, they allow unauthorised memory access. But things like SCADA servers shouldn't really have large amounts of ingress points for arbitrary code execution. For ClearSCADA it would really be Logic, and SQL.. both of which are constrained enough that I think getting a reliable exploit would be border-line impossible...

In cloud computing, then it is a problem, since there is 'untrusted' execution of arbitrary code on the same physical machine.

I'm not sure that these knee-jerk reactions to security exploits helps in terms of overall security. I expect people right now have dropped all their other security considerations, and are just focusing on Spectre / Meltdown... There are probably people right now that have Domain Admin level accounts called 'admin' with the password 'admin', and computers accessible over the internet, that are frantically auditing all of their computers to see which have Intel CPUs in them... obviously not the right priorities.


There was no opinion there, just a question to the wider audience 🙂
In general I agree 100% with what you said, but not every enduser of ClearSCADA will be in the same situation. Perhaps they have a corporate policy that dictates their patch deployment, or maybe their SCADA system isn't so critical so they just do automatic updates from Microsoft, or even their SCADA servers are more exposed for some reason (perhaps for cost saving they use their SCADA servers as user terminal services too)_**


Also related is that there seems to be some RPC issues with the update that Microsoft released (I'm guessing another fix other than the Spectre and Meltdown fixes that was in the megapatch), see https://support.microsoft.com/en-ie/help/4056898/windows-81-update-kb4056898. This could cause problems with OPC as that potentially uses DCOM which uses RPC._**

**_If you use ClearSCADA client components to talk to a ClearSCADA server via the local OPC server endpoint then RPC/DCOM isn't used._**