(707) 268-8850    Get SUPPORT

Network Management Services Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Network Management Services are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Network Management Services at (707) 268-8850.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, August 19 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Cloud Best Practices Network Security Privacy Business Computing Managed IT Services Malware Data Backup Hackers Backup VoIP Google Hosted Solutions Email Data Recovery Innovation Outsourced IT Mobile Devices IT Support Tech Term Cloud Computing Microsoft Data Software Business Continuity Efficiency Communications Saving Money Internet of Things Hardware BDR Internet IT Services Small Business Cybersecurity Ransomware Cybercrime Business Android Disaster Recovery User Tips Smartphones Alert Communication How To Artificial Intelligence Gadgets Network Browser Server Avoiding Downtime Computers Managed IT Services Managed IT Smartphone Windows Phishing Social Engineering Two-factor Authentication Law Enforcement Business Intelligence Collaboration Passwords Data Security Data Protection Productivity Router BYOD Vulnerability Business Management Money Miscellaneous Save Money Social Media Mobile Device Management Mobility Chrome Firewall Computer Connectivity Windows 10 Remote Monitoring Redundancy Document Management Productivity Virtualization Operating System Bandwidth Budget Facebook Proactive IT Applications Office 365 IT Support VPN Identity Theft Upgrade Flexibility Word Spam Managed Service Provider Blockchain Telephone Systems Compliance Private Cloud Wi-Fi Password Quick Tips Spam Blocking Business Owner Infrastructure Public Cloud Information Technology Data Breach Employer-Employee Relationship Work/Life Balance Content Filtering Data storage Apps Information Data loss Microsoft Office Comparison File Sharing OneNote Value CES IT Management Big Data Windows 7 Networking Website Hacking Bring Your Own Device Access Control Content Management Paperless Office Office Tips IT Plan Smart Tech Mobile Device Update Physical Security Automation App Unsupported Software Government Credit Cards Windows 10 Servers Solid State Drive Data Storage Holiday Workers Google Drive Analysis Software Tips Data Management Mobile Computing Wireless Charging Nanotechnology Cryptocurrency FENG Start Menu Human Resources Healthcare Fraud Computing Infrastructure Practices Flash Keyboard Computer Care Settings Humor eWaste Wire Google Docs Current Events Files Accountants Augmented Reality Tip of the week Telecommuting Storage Meetings Travel Scam Wireless Technology webinar Reputation Fiber-Optic Internet Exlporer Safe Mode Mobile Hosted Solution Apple Staff Electronic Health Records Amazon Hosted Computing HVAC IBM Windows 10s Samsung Criminal Sports MSP Safety Data Warehousing Voice over Internet Protocol Knowledge The Internet of Things Legal Windows Server 2008 Risk Management Remote Work Charger Emails Password Manager Hybrid Cloud Marketing Hacker Education HBO Conferencing Customer Cables End of Support Devices Recovery Professional Services Hard Drives iPhone Digital Signature Machine Learning Network Congestion Monitor Amazon Web Services History Inventory Enterprise Content Management Sync Smart Office Save Time Multi-Factor Security Electronic Medical Records IoT Business Mangement Addiction Managed Service Screen Mirroring Software as a Service HaaS Outlook Specifications Unified Communications Internet exploMicrosoft Thought Leadership Business Technology CrashOverride Tools Encryption YouTube Trending IT Consultant Online Shopping Password Management Audit Telephony Cortana Regulations HIPAA Unified Threat Management Office Gmail Cache Cast Supercomputer Frequently Asked Questions Entertainment Millennials Theft Advertising Streaming Media Virtual Assistant Downtime Emergency Strategy Lifestyle Leadership Evernote User Error Authentication NIST Computer Fan Workplace Tips Skype USB SaaS Students Colocation Insurance Cleaning Netflix Relocation Recycling Wireless Internet Excel Workforce Training Google Apps Content Filter Telephone System PDF Root Cause Analysis Black Market Botnet Patch Management Hiring/Firing Health Computer Accessories Instant Messaging Troubleshooting Presentation Video Games Fun Line of Business Lithium-ion battery Two Factor Authentication Vendor Management Regulation Battery 5G Techology Bluetooth Tech Support How to Assessment Administration Remote Computing Experience Twitter Transportation Content Books Television Customer Relationship Management Scalability Music Search Remote Worker Competition Best Practice Politics Webinar IP Address Benefits Audiobook Worker Users Shadow IT Public Computer Customer Service Wearable Technology Loyalty Wiring IT solutions Proactive Mobile Office Virtual Reality Smart Technology Domains Rootkit Company Culture Automobile Employer Employee Relationship Wireless Remote Monitoring and Maintenance Worker Commute WiFi Managing Stress Public Speaking