(707) 268-8850    Get SUPPORT

Network Management Services Blog

Network Management Services has been serving the Eureka area since 1995, providing IT Support including technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Network Management Services are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Network Management Services at (707) 268-8850.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 20 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Cloud Network Security Best Practices Business Computing Privacy Managed IT Services Hackers Backup Google VoIP Malware Data Backup Hosted Solutions Email IT Support Software Mobile Devices Outsourced IT Innovation Data Recovery Internet Microsoft Cloud Computing Saving Money Business Continuity Ransomware Business Cybercrime Efficiency Data Small Business Cybersecurity BDR IT Services Communications Android Hardware Disaster Recovery Internet of Things How To User Tips Computers Server Communication Avoiding Downtime Alert Smartphones Smartphone Managed IT Browser Data Protection Data Security Vulnerability BYOD Social Engineering Collaboration Managed IT Services Tech Term Windows Mobility Business Intelligence Mobile Device Management Artificial Intelligence Two-factor Authentication Business Management Law Enforcement Chrome Phishing Money Bandwidth Virtualization Redundancy Social Media Passwords Compliance Firewall Flexibility Network Remote Monitoring Productivity VPN Windows 10 Spam Proactive IT Telephone Systems Identity Theft Private Cloud Save Money Budget Gadgets Operating System Employer-Employee Relationship Miscellaneous Upgrade Information Technology Spam Blocking Data loss Automation Value Comparison Windows 10 Holiday Router Wi-Fi Computer Update Managed Service Provider Workers Data Storage Quick Tips Solid State Drive Content Filtering Office 365 Smart Tech Hacking Data storage Business Owner CES Physical Security Government Document Management OneNote IT Management Bring Your Own Device Google Drive IT Plan Work/Life Balance Credit Cards Public Cloud Word Office Tips Apps Productivity Mobile Device Unsupported Software Infrastructure App Big Data Data Breach Amazon Black Market Flash PDF webinar Access Control Meetings Samsung Password Manager Travel Password Strategy Amazon Web Services Conferencing Authentication Office Business Mangement HBO User Error Networking Analysis Online Shopping Sync IT Support Nanotechnology Relocation Windows 10s Screen Mirroring Health Gmail Software as a Service Specifications Outlook Supercomputer Accountants Cortana Evernote Applications Telephony Connectivity Audit Humor Wireless Technology Cast Files SaaS Hosted Solution Recycling HaaS Millennials IBM Frequently Asked Questions Internet Exlporer Reputation Training Risk Management Wireless Charging Hacker Skype Devices Marketing Computer Fan eWaste Microsoft Office Workforce Excel End of Support Current Events IoT Customer Fiber-Optic Start Menu Thought Leadership FENG Website Criminal Google Docs Telecommuting Tip of the week Internet exploMicrosoft Knowledge Charger HIPAA Cables Mobile Emails Streaming Media Data Warehousing Voice over Internet Protocol Hard Drives Remote Work Windows Server 2008 Advertising Network Congestion Insurance Electronic Medical Records Monitor Unified Communications Professional Services Content Filter Legal Colocation Human Resources Content Management Multi-Factor Security Data Management Recovery Windows 7 IT Consultant Practices Unified Threat Management Keyboard Theft Save Time Tools Facebook Storage Trending Computing Infrastructure Staff Emergency Blockchain Regulations Leadership Hosted Computing Downtime Apple Cleaning Google Apps Safety Netflix Lifestyle The Internet of Things Digital Signature Patch Management Hiring/Firing Fraud Servers Hybrid Cloud Inventory Root Cause Analysis iPhone Computer Care Botnet Settings Addiction Mobile Computing Software Tips History Encryption Scam Audiobook Users Bluetooth Cache Wearable Technology Video Games Transportation Entertainment Battery Wireless Internet USB Wireless Techology Search Remote Computing Benefits Worker Education Presentation Loyalty Troubleshooting Scalability Smart Technology Rootkit 5G Virtual Reality WiFi Workplace Tips Customer Relationship Management Two Factor Authentication Vendor Management Politics Worker Commute IP Address Assessment Instant Messaging Customer Service Mobile Office Domains Television Books Automobile How to Webinar Public Speaking Public Computer Lithium-ion battery IT solutions CrashOverride Best Practice Augmented Reality Shadow IT Tech Support Employer Employee Relationship Experience Twitter Administration Content Computer Accessories Competition Music Fun

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *