facebook linkedin twitter

ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

You’d think that Intel would make sure their firmware is of sound integrity, but unfortunately, a recently discovered vulnerability has revealed that it’s not as secure as previously thought. The issue involving Intel’s chips could potentially lead to a permanent nosedive for your CPU’s capacity to perform as intended, which could have disastrous implications for your business.

An unknown blogger calling themselves Python Sweetness describes the issue as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

The bug found complicated the way that various programs interacted with the CPU. Ordinarily, your CPU will have two modes. Kernel offers a complete “carte blanche” access to the computer or user. This is supposed to be considered the safe mode for your CPU, but Python Sweetness has found that this bug lets programs run through user mode access kernel mode. What this ultimately allows for is the potential for malicious programs to access a user’s hardware--a scary thought indeed.

A fix has been developed that mitigates the issue to a small dip in system performance (approximately 2 percent), which is a much smaller price to pay compared to allowing hackers to influence your hardware itself. Originally, it was thought that the processes would be placed on the kernel mode, then shift back to the user mode as needed, but this process slowed down the system. A new Windows update has resolved the CPU problems, even though most professionals thought that a hardware change was the only way to solve it.

If you have a PC with Windows 10 and an antivirus that supports the patch, you should already have the fix implemented. You should make sure to confirm this by navigating to Settings > Update & Security. Once you’ve done so, make sure you also review your update history and find Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android device users should have had this issue mitigated by an update pushed on January 5, with other updates incoming to strengthen these protections. Phones that fall under the Google brand, including the Nexus and Pixel phones, should have received patches already, with other Android devices soon to be patched as well. You should check your phone to see, and if you haven’t received one, put pressure on your carrier on a visible forum.

Google Chrome should be updated on January 23, and the other browsers should soon follow, with additional mitigations. Until then, you should ask IT to activate Site Isolation to keep potentially malicious sites from harvesting your data from your other browser tabs.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using cursory hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These types of problems are one of the best reasons to have a managed service provider as part of your IT management and maintenance infrastructure. Computerware keeps a close eye on the latest in network security, including any new threats to your business’s data or patches that need to be implemented. We’ll do whatever it takes to keep your business’s technology as secure and up to date as possible.

Your business won’t have to worry about any aspect of IT maintenance, and we can even help your internal team with implementation projects or technology support aspects of running your organization. To learn more, reach out to us at (703) 821-8200.

Social Media is Spurring Business Growth
20-Year-Old Exploit Finds New Life as ROBOT


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, October 19, 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Internet Cloud Business Management Software Business Computing Hackers Microsoft Backup Managed Service Provider Workplace Tips Productivity Data Hardware Saving Money Business Email Malware Network Security IT Services IT Support Hosted Solutions Efficiency Google Small Business Smartphones Computer User Tips Gadgets Quick Tips Mobile Devices Business Continuity Disaster Recovery Innovation Mobile Office Virtualization Network Microsoft Office Android Social Media Server Mobile Device Management VoIP Smartphone Collaboration Communication Miscellaneous Windows 10 Upgrade Ransomware Data Recovery Unified Threat Management Windows Data Backup Tech Term Remote Monitoring IT Support Operating System Passwords Mobile Computing BYOD Remote Computing Managed IT services Holiday Vendor Management Cybersecurity Apps Facebook communications WiFi Productivity Marketing BDR The Internet of Things Analytics Firewall History Apple Users Automation Internet of Things Managed IT Services Data Management Phishing Mobile Device Alert Outsourced IT Save Money App IT Consultant Artificial Intelligence Browser Big data Bandwidth Spam Maintenance Content Filtering Encryption Going Green Health Gmail Office Bring Your Own Device Antivirus Search Cybercrime Outlook Windows 8 Managed IT Cost Management Hiring/Firing Hard Drives Printer Tech Support Lithium-ion Battery Virus Best Practice Office 365 Information Technology Budget Two-factor Authentication Help Desk Wireless Technology Employer-Employee Relationship Business Technology Hacking Money Document Management Cloud Computing Computers IBM Saving Time VPN Travel Phone System Training Update Recovery It Management Hard Drive Law Enforcement Save Time Compliance Data storage Humor Proactive IT Running Cable Windows 10 Networking Legal Regulations Intranet Customer Service Education Government SaaS Website Access Control Administration Risk Management File Sharing Robot Word Applications Securty Business Intelligence Data Security Fax Server Digital Payment Downtime Mobility Avoiding Downtime Solid State Drive Patch Management Blockchain Password Cortana Social Engineering Data Loss Flexibility Hacker Black Market Comparison Tablet iPhone Company Culture Laptop Computer Repair Data Breach Business Growth Social Networking Excel User Project Management Customer Relationship Management Information Machine Learning Augmented Reality Twitter Paperless Office Telephone Systems PowerPoint Wireless Current Events DDoS Sports Computing Disaster End of Support Hosted Solution Net Neutrality Bitcoin Identity Theft IT service Chrome Retail Data Protection Lifestyle Google Maps eWaste Router Politics Value Managed Service Virtual Reality Inbound Marketing Emails Bluetooth Computer Accessories Automobile Conferencing Scam Chromebook Pain Points Vendor Cryptocurrency Trending Redundancy Computing Infrastructure Hack Processors USB Mouse How To Monitoring Google Docs Private Cloud Presentation Experience Download Monitors Digital Programming Cleaning Statistics Telephony Virtual Desktop Websites Specifications Safety Management Office Tips Network Congestion Start Menu Tech Terms Taxes Social YouTube Mobile Technology Gaming Console Distributed Denial of Service Documents Vulnerabilities Heating/Cooling Unified Communications Settings Software as a Service Healthcare Streaming Media Webcam User Error Public Cloud Storage Text Messaging Uninterrupted Power Supply Co-managed IT Electricity Printing Best Available Keyboard Username Electronic Medical Records Permissions Language Sync Unified Threat Management Backup and Disaster Recovery CCTV Thin CLient Gamification Device Management Windows 7 3D Domains Ebay Screen Reader Customer Resource management Notifications switches Writing cache Content Management Television Reliable Computing Public Speaking Smart Tech Distribution Dark Web Music Business Managemenet Business Metrics Computer Malfunction Smart Phones Piracy Upload WannaCry Downloads Shortcut HTML Health IT In Internet of Things Fiber-Optic Database Upgrades Entrepreneur Leadership Mobile Security LiFi Time Management online Currency Freedom of Information Best Practives Troubleshooting Adminstration Pirating Information Telephone System Corporate Profile Assessment SharePoint Scalability HIPAA Multi-Factor Security Cost Bookmark Motion Sickness Environment Software License Trends Deep Learning Google Calendar Messenger Microserver Tracking Competition Devices Work/Life Balance LinkedIn Tip of the week Electronic Payment Fraud Tactics Rental Service Meetings UTM Content Visible Light Communication Memory Touchscreen News Business Owner VoIP Enterprise Resource Planning IT consulting Consultation Archive Evernote Get More Done Cabling IP Address Legislation Error Browsers Knowledge Skype Web Server IT Plan Technology Tips Books Turn Key Workers Upselling Application Accountants A.I. User Tip Virtual Assistant Wi-Fi Printer Server Administrator email scam Human Resources Addiction Supercomputer Multi-factor Authentication Advertising Flash Fake News Trojan Video Surveillance CIO Point of Contact Audit Saving ZTime Migration Connected Devices Windows XP Data Warehousing Worker Wireless Headphones Telephone Staffing Google Wallet Microchip Organize Displays Access Reading Samsung Digital Signature Equifax Fleet Tracking Society Emergency Hard Drive Disposal Network Management Computer Care Analytic Employer Employee Relationship Teamwork Harddrive Device security MSP Recycling Microsoft Excel G Suite Entertainment Debate Micrsooft Desktop Finance Google Drive Windows Server 2008 Licensing GPS Nanotechnology Social Network Drones Product Reviews Hacks Physical Security Spyware Mobile Payment Read Relocation Tablets Startup Asset Tracking Proxy Server Vulnerability Banking Webinar Botnet External Harddrive PDF Business Cards Service Level Agreement Managing Stress CrashOverride Regulation 3D Printing Capital Data Analysis Printers Productuvuty