ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

You’d think that Intel would make sure their firmware is of sound integrity, but unfortunately, a recently discovered vulnerability has revealed that it’s not as secure as previously thought. The issue involving Intel’s chips could potentially lead to a permanent nosedive for your CPU’s capacity to perform as intended, which could have disastrous implications for your business.

An unknown blogger calling themselves Python Sweetness describes the issue as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

The bug found complicated the way that various programs interacted with the CPU. Ordinarily, your CPU will have two modes. Kernel offers a complete “carte blanche” access to the computer or user. This is supposed to be considered the safe mode for your CPU, but Python Sweetness has found that this bug lets programs run through user mode access kernel mode. What this ultimately allows for is the potential for malicious programs to access a user’s hardware--a scary thought indeed.

A fix has been developed that mitigates the issue to a small dip in system performance (approximately 2 percent), which is a much smaller price to pay compared to allowing hackers to influence your hardware itself. Originally, it was thought that the processes would be placed on the kernel mode, then shift back to the user mode as needed, but this process slowed down the system. A new Windows update has resolved the CPU problems, even though most professionals thought that a hardware change was the only way to solve it.

If you have a PC with Windows 10 and an antivirus that supports the patch, you should already have the fix implemented. You should make sure to confirm this by navigating to Settings > Update & Security. Once you’ve done so, make sure you also review your update history and find Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android device users should have had this issue mitigated by an update pushed on January 5, with other updates incoming to strengthen these protections. Phones that fall under the Google brand, including the Nexus and Pixel phones, should have received patches already, with other Android devices soon to be patched as well. You should check your phone to see, and if you haven’t received one, put pressure on your carrier on a visible forum.

Google Chrome should be updated on January 23, and the other browsers should soon follow, with additional mitigations. Until then, you should ask IT to activate Site Isolation to keep potentially malicious sites from harvesting your data from your other browser tabs.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using cursory hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These types of problems are one of the best reasons to have a managed service provider as part of your IT management and maintenance infrastructure. Computerware keeps a close eye on the latest in network security, including any new threats to your business’s data or patches that need to be implemented. We’ll do whatever it takes to keep your business’s technology as secure and up to date as possible.

Your business won’t have to worry about any aspect of IT maintenance, and we can even help your internal team with implementation projects or technology support aspects of running your organization. To learn more, reach out to us at (703) 821-8200.

Social Media is Spurring Business Growth
20-Year-Old Exploit Finds New Life as ROBOT


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, August 16, 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Internet Cloud Business Management Software Business Computing Microsoft Hackers Backup Managed Service Provider Productivity Workplace Tips Data Hardware Business Saving Money Malware Email IT Support IT Services Hosted Solutions Google Network Security Small Business Efficiency Smartphones Quick Tips Gadgets User Tips Business Continuity Mobile Devices Computer Disaster Recovery Microsoft Office Mobile Office Virtualization Network Innovation Android Mobile Device Management Server VoIP Social Media Miscellaneous Smartphone Ransomware Windows 10 Upgrade Unified Threat Management Windows Operating System Collaboration Communication Remote Monitoring Data Backup BYOD Passwords Remote Computing Data Recovery Holiday Mobile Computing Managed IT services WiFi Vendor Management Apps Facebook Cybersecurity IT Support Tech Term Marketing communications The Internet of Things Automation History Firewall Apple Users Analytics BDR Alert Productivity Internet of Things Data Management Managed IT Services IT Consultant App Save Money Artificial Intelligence Outsourced IT Mobile Device Phishing Health Gmail Office Content Filtering Going Green Bandwidth Big data Maintenance Spam Bring Your Own Device Wireless Technology Hiring/Firing Antivirus Hard Drives Search Browser Cybercrime Windows 8 Outlook Lithium-ion Battery Cost Management Best Practice Information Technology Managed IT Printer Tech Support Virus Budget Encryption Two-factor Authentication Document Management Phone System Recovery Computers Employer-Employee Relationship Travel Hacking Update IBM Office 365 Help Desk Money Customer Service Administration Legal Proactive IT Networking Running Cable Website Cloud Computing Government Saving Time Regulations Access Control VPN Intranet Education SaaS It Management Business Technology Law Enforcement Risk Management Training Humor Compliance Save Time Data storage Windows 10 Hard Drive Project Management Laptop Comparison Applications Tablet Company Culture Mobility Business Growth Wireless DDoS Computer Repair Social Engineering Current Events Social Networking Paperless Office Avoiding Downtime Word Twitter iPhone Disaster Computing Hosted Solution Password Cortana Data Security Fax Server End of Support Machine Learning Robot Hacker Excel Patch Management Blockchain Securty Telephone Systems Data Loss Solid State Drive Customer Relationship Management Business Intelligence Augmented Reality Digital Payment PowerPoint File Sharing Downtime Black Market Data Breach Flexibility User Webcam Google Maps Google Docs Social Digital Text Messaging Websites Politics Experience Documents Trending Virtual Reality Emails Cleaning Start Menu Tech Terms Mouse Automobile Monitors Heating/Cooling Storage Office Tips Mobile Technology Chromebook Software as a Service Programming Co-managed IT Statistics Computing Infrastructure Hack User Error Network Congestion Uninterrupted Power Supply How To YouTube Inbound Marketing Unified Communications Settings Retail Monitoring Private Cloud Sports Download Bitcoin eWaste Streaming Media Telephony Pain Points Data Protection Lifestyle Value Management Taxes Distributed Denial of Service IT service Processors Vulnerabilities Net Neutrality Scam Chrome Healthcare Public Cloud USB Presentation Redundancy Bluetooth Router Gaming Console Identity Theft Cryptocurrency Specifications Safety Computer Accessories Virtual Desktop Virtual Assistant Screen Reader Reliable Computing GPS Technology Tips Business Metrics Gamification Computer Malfunction Trojan Visible Light Communication Memory External Harddrive Fake News Smart Tech Distribution Organize Audit Piracy LinkedIn Upload In Internet of Things IT consulting Digital Signature Entertainment Fiber-Optic Database Teamwork Data Warehousing HTML Managed Service Flash Thin CLient Emergency Hard Drive Disposal Archive Conferencing Scalability CIO 3D Access Ebay Mobile Security Skype Motion Sickness Advertising Smart Phones Microsoft Excel Multi-Factor Security Messenger Cost Tracking Staffing Google Wallet PDF Computer Care Software License Trends Windows XP Devices Rental Service Meetings Webinar Society Fraud Tactics Displays Best Available Keyboard Google Drive Windows Server 2008 Point of Contact Domains Leadership Vulnerability Cabling Micrsooft Adminstration Spyware Pirating Information Mobile Payment UTM Content Web Server Public Speaking Legislation Books Error Workers Drones Electricity Printing IT Plan Wi-Fi Enterprise Resource Planning Administrator Windows 7 Accountants Analytic A.I. Supercomputer Recycling email scam Addiction Shortcut Permissions Language Troubleshooting Worker Entrepreneur cache Television Multi-factor Authentication Microchip Product Reviews Information HIPAA Wireless Headphones Reading Read Samsung Environment WannaCry Downloads Migration Connected Devices Best Practives Time Management Freedom of Information Equifax Fleet Tracking Employer Employee Relationship Music Electronic Payment Upselling Corporate Profile Network Management G Suite switches Writing Competition Business Owner Device Management Licensing Microserver Upgrades Assessment Video Surveillance SharePoint Device security Hacks MSP Physical Security IP Address Saving ZTime Tip of the week Content Management Nanotechnology Relocation Tablets Google Calendar Desktop Banking Business Managemenet Finance Botnet LiFi Touchscreen News Startup Asset Tracking Human Resources VoIP Business Cards Service Level Agreement Sync Get More Done Application Printer Server Work/Life Balance Harddrive Knowledge Unified Threat Management online Currency Backup and Disaster Recovery Turn Key Deep Learning Consultation Debate Evernote Notifications Username CCTV Capital 3D Printing Managing Stress Productuvuty Regulation CrashOverride