Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability2 Min Well Spent

With Intel being the world’s largest computer processor manufacturer, you’d expect they would make sure their firmware was up to high-security standards. When news of the Meltdown/Spectre vulnerabilities hit the major outlets, it was revealed that Intel chips had a bit of a problem. The issue with the chips could lead to a significant drop in the CPU’s performance. Any reduction in performance will have a negative impact on your business.

What is Meltdown/Spectre?

An unknown blogger calling themselves Python Sweetness describes the issue as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”
The bug found complicated the way that various programs interacted with the CPU. Ordinarily, your CPU will have two modes. Kernel offers a complete “carte blanche” access to the computer or user. This is supposed to be considered the safe mode for your CPU, but Python Sweetness has found that this bug lets programs run through user mode access kernel mode. What this ultimately allows for is the potential for malicious programs to access a user’s hardware–a scary thought indeed.

The Fix to Stop Meltdown/Spectre

A fix has been developed that mitigates the issue to a small dip in system performance (approximately 2 percent), which is a much smaller price to pay compared to allowing hackers to influence your hardware itself. Originally, it was thought that the processes would be placed on the kernel mode, then shift back to the user mode as needed, but this process slowed down the system. A new Windows update has resolved the CPU problems, even though most professionals thought that a hardware change was the only way to solve it.

Windows PC

If you have a PC with Windows 10 and an antivirus that supports the patch, you should already have the fix implemented. You should make sure to confirm this by navigating to Settings > Update & Security. Once you’ve done so, make sure you also review your update history and find Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android Devices

Android device users should have had this issue mitigated by an update pushed on January 5, with other updates incoming to strengthen these protections. Phones that fall under the Google brand, including the Nexus and Pixel phones, should have received patches already, with other Android devices soon to be patched as well. You should check your phone to see, and if you haven’t received one, put pressure on your carrier on a visible forum.

Google Chrome

Google Chrome should be updated on January 23, and the other browsers should soon follow, with additional mitigations. Until then, you should ask IT to activate Site Isolation to keep potentially malicious sites from harvesting your data from your other browser tabs.

Other Devices

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using cursory hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These types of problems are one of the best reasons to have a managed service provider as part of your IT management and maintenance infrastructure. IT Support Guys keeps a close eye on the latest in network security, including any new threats to your business’s data or patches that need to be implemented. We’ll do whatever it takes to keep your business’s technology as secure and up to date as possible.

Your business won’t have to worry about any aspect of IT maintenance, and we can even help your internal team with implementation projects or technology support aspects of running your organization. To learn more, reach out to us at 855-4IT-GUYS (855-448-4897).

Connect with Next Perimeter on Social Media

READY TO TRANSFORM YOUR CYBERSECURITY?

Switching to Next Perimeter is Simple, with No Downtime or Disruptions

1. Free Exploratory Consultation Call

Let’s dive into your specific needs, security challenges, and current technology set-up. We’ll collaborate with you to start crafting tailored solutions that align with your business goals.

Element - Arrows Dark

2. Identity & Device Assessment

Our experts will begin developing a customized proposal for your unique environment. We’ll perform a thorough assessment to finalize the scope, ensuring every aspect of your digital security is covered.

Element - Arrows Light

3. Schedule Your Seamless Onboarding

With your approval, we’ll launch your onboarding process. Our all-in-one security solution will seamlessly integrate into your existing infrastructure, implemented by our expert team for a smooth transition.

Search