ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

ALERT: Your Business’ Infrastructure May Be Susceptible to Meltdown/Spectre Vulnerability

You’d think that Intel would make sure their firmware is of sound integrity, but unfortunately, a recently discovered vulnerability has revealed that it’s not as secure as previously thought. The issue involving Intel’s chips could potentially lead to a permanent nosedive for your CPU’s capacity to perform as intended, which could have disastrous implications for your business.

An unknown blogger calling themselves Python Sweetness describes the issue as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

The bug found complicated the way that various programs interacted with the CPU. Ordinarily, your CPU will have two modes. Kernel offers a complete “carte blanche” access to the computer or user. This is supposed to be considered the safe mode for your CPU, but Python Sweetness has found that this bug lets programs run through user mode access kernel mode. What this ultimately allows for is the potential for malicious programs to access a user’s hardware--a scary thought indeed.

A fix has been developed that mitigates the issue to a small dip in system performance (approximately 2 percent), which is a much smaller price to pay compared to allowing hackers to influence your hardware itself. Originally, it was thought that the processes would be placed on the kernel mode, then shift back to the user mode as needed, but this process slowed down the system. A new Windows update has resolved the CPU problems, even though most professionals thought that a hardware change was the only way to solve it.

If you have a PC with Windows 10 and an antivirus that supports the patch, you should already have the fix implemented. You should make sure to confirm this by navigating to Settings > Update & Security. Once you’ve done so, make sure you also review your update history and find Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android device users should have had this issue mitigated by an update pushed on January 5, with other updates incoming to strengthen these protections. Phones that fall under the Google brand, including the Nexus and Pixel phones, should have received patches already, with other Android devices soon to be patched as well. You should check your phone to see, and if you haven’t received one, put pressure on your carrier on a visible forum.

Google Chrome should be updated on January 23, and the other browsers should soon follow, with additional mitigations. Until then, you should ask IT to activate Site Isolation to keep potentially malicious sites from harvesting your data from your other browser tabs.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using cursory hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These types of problems are one of the best reasons to have a managed service provider as part of your IT management and maintenance infrastructure. Celera Networks keeps a close eye on the latest in network security, including any new threats to your business’s data or patches that need to be implemented. We’ll do whatever it takes to keep your business’s technology as secure and up to date as possible.

Your business won’t have to worry about any aspect of IT maintenance, and we can even help your internal team with implementation projects or technology support aspects of running your organization. To learn more, reach out to us at (617) 375-9100.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 25 February 2018

Captcha Image

Request a Free Consultation

  • Company name *
  • First Name *
  • Last Name *
  • Title
  • Phone
  • What are your concerns?

      Sign up for our Newsletter!

      • Company *
      • First Name *
      • Last Name *

          Mobile? Grab this Article!

          QR-Code dieser Seite

          Tag Cloud

          security Tip of the Week technology Hackers Privacy Best Practices Cloud Productivity Business Computing business Malware Microsoft Internet IT Services Backup Hosted Solutions Managed Service Provider IT Support Email Network Mobile Devices Workplace Tips Communication Hardware Computer Smartphones Disaster Recovery Mobile Device Management Microsoft Office Holiday Windows Miscellaneous network security Business Continuity Small Business Windows 10 Efficiency Data Server Software Alert Smartphone Google Business Management Internet of Things Virtualization User Tips Upgrade Saving Money Social Media WiFi Remote Monitoring Innovation Ransomware Big Data Android BYOD Passwords Gmail Remote Computing Cybersecurity Operating System VoIP Office Browser Vendor Management Apple Spam Mobile Computing The Internet of Things Apps App Business Growth Facebook Risk Management Budget Hacking Analytics Information Technology Artificial Intelligence Collaboration Wireless Technology Phishing Customer Service Automation Gadgets Office 365 Managed IT Services Cybercrime Money Hacker IT Solutions Robot Cost Management Outsourced IT Retail Best Practice Office Tips Save Money Tech Support Bring Your Own Device Going Green Data Management Mobile Device Social Engineering Hosted Solution Bitcoin Outlook IT service Proactive IT Current Events Application intranet communications Avoiding Downtime Data storage Recovery Presentation Content Filtering Firewall Downtime Hard Drives Maintenance Cortana Lithium-ion Battery Running Cable Customer Relationship Management virus Employer-Employee Relationship IT Consultant Saving Time End of Support Computers Laptop Managed IT Health Document Management Company Culture PowerPoint IT Support Administration Cryptocurrency Samsung Productivity Statistics Password Antivirus Save Time iPhone Google Docs Two-factor Authentication Blockchain Hacks Augmented Reality Vulnerabilities Excel Work/Life Balance Net Neutrality Hiring/Firing Tablet Update Social Law Enforcement Business Owner Private Cloud LiFi Competition eWaste Search Cloud Computing Humor Marketing Trending Education Analyitcs Safety Network Congestion Data Security Mobile Technology Mouse Twitter Programming Windows 8 Encryption Specifications project management User Disaster Website Wireless Data Breach Settings Phone System Piracy Bandwidth Chrome USB Quick Tips VPN Virtual Desktop Public Speaking Fake News Websites Printer Help Desk Documents 5G Business Intelligence Fraud Windows 8.1 Update data breaches Television Google Drive Crowdsourcing Halloween Digital Signature Heating/Cooling Migration IBM Microsoft Excel Botnet Managed IT Services today ’s world Printer Server Virtual Reality PDF email scam Crowdfunding risk Cyber-attacks Government Scary Stories Business Technology Users experience downtime Co-managed IT cyberattack SharePoint Sports Compliance Desktop Tip of the week Unified Communications Printing Fun Computing Infrastructure Travel cyberattacks Distributed Denial of Service Storage Regulations Digital Computer Repair Data loss Paperless Office Computing Entrepreneur Vulnerability businesses Router Debate Evernote Dark Data Gadget Buisness Refrigeration Consumers IP Address Virtual Assistant Skype IT Management Deep Learning Google Wallet Knowledge Networking Memory Software as a Service Data Warehousing Politics CIO Mobile Office Touchscreen Hard Drive LinkedIn Public Cloud Google Calendar Technology Tips Drones Black Market Environment Experience Business Cards Identity Theft Windows Server 2008 Telephony User Error Best Available Access Control Identities security breach Troubleshooting History Software License People Windows 7 Training Undo Modern technology Hard Drive Disposal Video Surveillance Solid State Drive Mobile Payment Backups Processors Display Word Redundancy Licensing Mobility Freedom of Information File Sharing YouTube Alt Codes business owners Unified Threat Management Patch Management Legal Notifications Monitors Data Recovery Online Currency Managed Service Providers Domains News Files Flexibility Typing Wi-Fi Fiber-Optic Downloads Comparison Telephone Systems bdr Writing IT Plan IT Budget CCTV Digital Payment G Suite Point of Sale Google Maps Machine Learning Corporate Profile SaaS Unified Threat Management Meetings Software Tips Relocation WannaCry Physical Security Webcam Applications Chromebook Motion Sickness GPS Data Backup How To Mobile Security Error Personal Information Emoji Cleaning Tracking Upgrades Electronic Medical Records Computer Care Cabling 3D Printing Automobile Staffing Infrastructure Unsupported Software test post Administrator Taxes Uninterrupted Power Supply Mobile Data Sync Web Server Supercomputer Hard Disk Drive Mobile Device Managment Cameras