(707) 268-8850    Get SUPPORT

Network Management Services Blog

Network Management Services has been serving the Eureka area since 1995, providing IT Support including technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Network Management Services are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Network Management Services at (707) 268-8850.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 21 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Cloud Technology Best Practices Business Computing Network Security Managed IT Services Privacy Hackers Backup VoIP Malware Google Mobile Devices Email IT Support Outsourced IT Data Backup Hosted Solutions Innovation Microsoft Business Continuity Software Small Business Business Saving Money Hardware Disaster Recovery Efficiency Communications Data Recovery Cloud Computing Avoiding Downtime Cybercrime Data Alert Android How To Cybersecurity Server BDR Ransomware Smartphones Social Engineering Two-factor Authentication Internet of Things Mobility Chrome User Tips Internet Communication Managed IT Managed IT Services Windows IT Services Computers Spam Mobile Device Management BYOD Proactive IT Telephone Systems Business Management Business Intelligence Smartphone Flexibility Windows 10 Budget Gadgets Browser Phishing Artificial Intelligence Social Media Private Cloud Law Enforcement Save Money Passwords Collaboration Operating System Data Security Compliance Firewall Money Vulnerability Remote Monitoring Router Data Storage Bring Your Own Device Work/Life Balance CES Solid State Drive Network Hacking OneNote IT Management Employer-Employee Relationship Business Owner Identity Theft Data Breach Miscellaneous Upgrade Physical Security Government IT Plan Virtualization Document Management Credit Cards Bandwidth Windows 10 Word Google Drive Spam Blocking Unsupported Software Value Wi-Fi Holiday Computer Public Cloud Office Tips Managed Service Provider Data Protection App Redundancy Workers Quick Tips Office 365 Information Technology Data storage Content Filtering Productivity Cast Charger Hard Drives HIPAA Recycling Update Emails Relocation Millennials Health Frequently Asked Questions Monitor Wireless Charging Skype Network Congestion Computer Fan Electronic Medical Records eWaste Humor Workforce Files Excel HaaS Data Management Fiber-Optic Internet Exlporer Start Menu IT Consultant Reputation FENG Unified Threat Management Keyboard Criminal Google Docs Apps Telecommuting Tip of the week Emergency Safety Productivity The Internet of Things Cables End of Support Mobile Leadership Customer Data Warehousing Hiring/Firing Voice over Internet Protocol Netflix Remote Work Windows Server 2008 Patch Management Big Data Unified Communications Internet exploMicrosoft Professional Services VPN Computer Care Content Management Multi-Factor Security Settings Windows 7 Scam Theft Advertising Tools webinar Samsung Blockchain Trending Legal Colocation Regulations Human Resources Recovery Google Apps Conferencing Downtime Lifestyle Save Time Facebook Fraud Computing Infrastructure Servers Networking Staff Root Cause Analysis Infrastructure Botnet IT Support Mobile Computing Windows 10s Apple Software Tips Cortana Mobile Device Wireless Technology Amazon Flash Supercomputer Meetings IBM Password Manager Hybrid Cloud Travel iPhone SaaS Hosted Solution Hacker Marketing Microsoft Office Amazon Web Services History Data loss Training Risk Management Black Market Business Mangement Comparison HBO Password Website Online Shopping Sync Current Events Screen Mirroring Gmail Software as a Service Office Specifications Automation Outlook Evernote User Error Telephony Knowledge Audit Education Television Books Automobile Scalability Public Speaking Applications WiFi Webinar Public Computer Lithium-ion battery Augmented Reality Virtual Reality Tech Support IT solutions Workplace Tips Employer Employee Relationship Cleaning Experience Worker Commute Competition Fun Content Instant Messaging Computer Accessories Music Users Audiobook How to CrashOverride Bluetooth Wearable Technology Transportation Wireless Search Entertainment USB Best Practice Presentation Benefits Worker Shadow IT Loyalty Troubleshooting Administration Digital Signature Smart Technology 5G Rootkit Customer Relationship Management PDF IP Address Video Games Two Factor Authentication Vendor Management Politics Battery Customer Service Assessment Mobile Office Techology Remote Computing Domains

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *