ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

You’d think that Intel would make sure their firmware is of sound integrity, but unfortunately, a recently discovered vulnerability has revealed that it’s not as secure as previously thought. The issue involving Intel’s chips could potentially lead to a permanent nosedive for your CPU’s capacity to perform as intended, which could have disastrous implications for your business.

An unknown blogger calling themselves Python Sweetness describes the issue as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

The bug found complicated the way that various programs interacted with the CPU. Ordinarily, your CPU will have two modes. Kernel offers a complete “carte blanche” access to the computer or user. This is supposed to be considered the safe mode for your CPU, but Python Sweetness has found that this bug lets programs run through user mode access kernel mode. What this ultimately allows for is the potential for malicious programs to access a user’s hardware--a scary thought indeed.

A fix has been developed that mitigates the issue to a small dip in system performance (approximately 2 percent), which is a much smaller price to pay compared to allowing hackers to influence your hardware itself. Originally, it was thought that the processes would be placed on the kernel mode, then shift back to the user mode as needed, but this process slowed down the system. A new Windows update has resolved the CPU problems, even though most professionals thought that a hardware change was the only way to solve it.

If you have a PC with Windows 10 and an antivirus that supports the patch, you should already have the fix implemented. You should make sure to confirm this by navigating to Settings > Update & Security. Once you’ve done so, make sure you also review your update history and find Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android device users should have had this issue mitigated by an update pushed on January 5, with other updates incoming to strengthen these protections. Phones that fall under the Google brand, including the Nexus and Pixel phones, should have received patches already, with other Android devices soon to be patched as well. You should check your phone to see, and if you haven’t received one, put pressure on your carrier on a visible forum.

Google Chrome should be updated on January 23, and the other browsers should soon follow, with additional mitigations. Until then, you should ask IT to activate Site Isolation to keep potentially malicious sites from harvesting your data from your other browser tabs.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using cursory hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These types of problems are one of the best reasons to have a managed service provider as part of your IT management and maintenance infrastructure. Computerware keeps a close eye on the latest in network security, including any new threats to your business’s data or patches that need to be implemented. We’ll do whatever it takes to keep your business’s technology as secure and up to date as possible.

Your business won’t have to worry about any aspect of IT maintenance, and we can even help your internal team with implementation projects or technology support aspects of running your organization. To learn more, reach out to us at (703) 821-8200.

Social Media is Spurring Business Growth
20-Year-Old Exploit Finds New Life as ROBOT


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 25 May 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Internet Cloud Business Management Microsoft Business Computing Software Hackers Managed Service Provider Backup Productivity Workplace Tips Data Hardware Business Saving Money Malware Email IT Support IT Services Hosted Solutions Google Network Security Small Business Efficiency Smartphones Quick Tips Gadgets Mobile Devices Business Continuity User Tips Computer Disaster Recovery Mobile Office Virtualization Network Microsoft Office Server Android VoIP Social Media Mobile Device Management Smartphone Miscellaneous Windows 10 Upgrade Innovation Unified Threat Management Windows Ransomware Remote Monitoring Operating System Communication Passwords Holiday Mobile Computing Remote Computing Vendor Management Collaboration Apps BYOD WiFi Cybersecurity Marketing Facebook The Internet of Things Apple Managed IT services Firewall Analytics Users History IT Support Alert Productivity Data Management communications App IT Consultant Automation Managed IT Services Save Money Data Backup Outsourced IT Data Recovery Internet of Things Phishing Content Filtering Gmail Mobile Device Office Bring Your Own Device Big data Spam BDR Health Bandwidth Hiring/Firing Budget Managed IT Hard Drives Lithium-ion Battery Best Practice Information Technology Going Green Browser Windows 8 Tech Term Outlook Cybercrime Artificial Intelligence Wireless Technology Maintenance Antivirus Printer Search Virus Tech Support Phone System Encryption Computers IBM Recovery Employer-Employee Relationship Update Help Desk Hacking Cost Management Office 365 Money Document Management Compliance Proactive IT Customer Service Two-factor Authentication Data storage Running Cable Hard Drive Saving Time VPN Website Government Intranet Travel Legal Cloud Computing Networking Education Risk Management Humor Administration SaaS Save Time It Management Law Enforcement Training User Comparison Tablet Solid State Drive iPhone Blockchain Company Culture Data Loss Current Events Computer Repair Black Market Social Networking Wireless Flexibility Excel DDoS Mobility Laptop Data Breach Business Growth Windows 10 Twitter Social Engineering Project Management Augmented Reality Fax Server PowerPoint Word Regulations Paperless Office Password Cortana Hacker Disaster Access Control Business Intelligence Hosted Solution Digital Payment End of Support Robot Telephone Systems Downtime Securty Avoiding Downtime Data Security Public Cloud Business Technology Virtual Desktop Patch Management Trending Specifications Safety Vulnerabilities Mouse Identity Theft Pain Points Social Bluetooth Scam Co-managed IT Documents User Error Heating/Cooling Cryptocurrency Google Maps Redundancy Statistics Programming Politics Storage Google Docs Virtual Reality Network Congestion Experience Automobile Customer Relationship Management Emails Cleaning Applications Monitors Chromebook Digital Lifestyle Websites Retail Office Tips Computing Infrastructure Hack Gaming Console Streaming Media How To Start Menu Tech Terms eWaste Value Private Cloud Webcam YouTube Mobile Technology Text Messaging Unified Communications Settings Software as a Service Net Neutrality Sports Chrome Uninterrupted Power Supply Computing Telephony Processors Taxes Bitcoin Distributed Denial of Service Router USB Inbound Marketing Computer Accessories Presentation Data Protection IT service Application Music Licensing Leadership Organize Multi-factor Authentication Human Resources switches Writing Hacks Physical Security cache Adminstration Television Pirating Information Management Relocation Tablets Migration LinkedIn Upgrades Banking Botnet WannaCry Downloads Wireless Headphones File Sharing Time Management Freedom of Information Sync Corporate Profile Equifax LiFi Healthcare Archive Digital Signature Device security Skype Notifications CCTV Assessment SharePoint Teamwork Work/Life Balance Reliable Computing Tip of the week Webinar Desktop Entertainment Deep Learning Business Metrics Computer Malfunction Google Calendar Nanotechnology Touchscreen News Business Cards In Internet of Things VoIP Upselling Startup Point of Contact Visible Light Communication Memory Unified Threat Management Backup and Disaster Recovery Knowledge PDF IT consulting Consultation Evernote Video Surveillance Best Available Keyboard Scalability Saving ZTime Virtual Assistant Motion Sickness Technology Tips Screen Reader Messenger Tracking Fake News Piracy Recycling Domains CIO Audit Smart Tech Analytic Advertising Flash Debate Best Practives Fiber-Optic Database Public Speaking Staffing Google Wallet Harddrive HTML Product Reviews Windows XP Rental Service Meetings Data Warehousing Read Shortcut Society Cabling Emergency Hard Drive Disposal Mobile Security Displays Download Web Server Access GPS Conferencing Books Workers External Harddrive Microsoft Excel Software License Troubleshooting Micrsooft Wi-Fi Administrator Computer Care Microserver Multi-Factor Security Entrepreneur Windows Server 2008 Fraud Tactics Device Management HIPAA Drones Devices Environment Supercomputer Google Drive Content Management Competition Machine Learning Worker Vulnerability Thin CLient UTM Business Managemenet Electronic Payment Microchip Spyware 3D Mobile Payment Ebay Get More Done Monitoring Permissions Language Reading Samsung Smart Phones Printer Server IT Plan Business Owner Electricity Printing Turn Key Legislation Windows 7 Trojan email scam Addiction online Currency IP Address G Suite Accountants Employer Employee Relationship CrashOverride 3D Printing Capital Productuvuty