This past January, it was revealed that there are two significant design vulnerabilities in the majority of microprocessor chips used to run our digital world. Meltdown and Spectre are design vulnerabilities inherent in the majority of chipsets used since 1995, including the mainframe.
“Why is it called Meltdown?”
“The vulnerability basically melts security boundaries which are normally enforced by the hardware.”
“Why is it called Spectre?”
“The name is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time.”
For the mainframe, the most problematic vulnerability appears to be Spectre, as the mainframe chipset uses speculative execution. And what exactly is speculative execution?
Webster Dictionary defines it as “A technique allows a superscalar processor to keep its functional units as busy as possible by executing instructions before it is known that they will be needed.”
This allows the processor to operate at a significantly higher efficiency.
IBM has released security patches for systems running Z/OS, Linux on Z and Z/VM. You should verify with your systems programmer that the appropriate PTF’s (Program Temporary Fix) has been installed on your system.
Even with the current PTF’s applied, IBM has strongly advised that you actively monitor the IBM Support Portal and IBM Psirt Blog for updates on these vulnerabilities as it is possible that updated PTF’s will be released.
Now for a little good news:
In order for someone to exploit these vulnerabilities, a person must have authorized access to the system to run code. If you are following best practices with your system security and limiting access to only those that have the proper clearance, your exposure should be very low. And, as of this writing, there does not appear to be any known malware associated with the vulnerabilities.
At least, for now…
If you have a temporary or permanent IT Mainframe Support need or a question about our Mainframe Support services and would like to learn more, please contact us today.