253.777.0763    Get SUPPORT

Graemouse Technologies Blog

Graemouse Technologies has been serving the Lakewood & Tacoma area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Graemouse Technologies are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Graemouse Technologies at 253.777.0763.

Tip of the Week: A Secure 2018 Relies on Powerful ...
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 25 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Efficiency Workers Outsourced IT Save Money Automation Inventory Business Continuity Office Operating System Remote Monitoring Quick Tips Addiction Internet Remote Work Collaboration Data Office 365 Tip of the Week Google Drive Hardware Hackers Infrastructure Email Travel Wireless Charging Data Breach Fraud Computers Business Mangement Human Resources Network Congestion Backup Communications Browser Leadership Cybersecurity Managed Service Provider Unsupported Software Knowledge IT Support Spam IBM Google Apps Charger Specifications User Error Applications Business Management Microsoft Office BDR Windows Server 2008 Artificial Intelligence VoIP Flash Cache Mobile Devices Managed IT Services How To OneNote Server Networking Best Practices Internet Exlporer Telecommuting Smartphone Electronic Medical Records Apple Spam Blocking Cloud Root Cause Analysis Redundancy Saving Money Accountants User Tips Content Management History Router Downtime Conferencing Employer-Employee Relationship Gadgets Law Enforcement webinar HIPAA Emails Cortana Hosted Solutions Government Devices Windows 10 Avoiding Downtime Update Windows 7 Microsoft Title II Keyboard Staff Excel Tip of the week Marketing Wireless Internet Settings Telephone Systems Meetings CES Mobile Device Management Network Security App Computer Voice over Internet Protocol Flexibility Cleaning Data Recovery Website Malware Chrome Alert Public Cloud Access Control IT Plan Windows 10 Technology Millennials Managed IT Services Relocation Bandwidth Data Security Humor Patch Management Cloud Computing Private Cloud Apps BYOD iPhone PDF Privacy Mobile Device Android Tech Term Internet of Things Password Manager HaaS Physical Security Data Backup Business Intelligence Business IT Consultant Data Protection Word Windows 10s Trending Ransomware Emergency Internet exploMicrosoft Tools Innovation Communication Productivity Small Business End of Support Wi-Fi Thought Leadership Password Legal Security Work/Life Balance Twitter Upgrade Virtualization VPN Social Engineering Money Cybercrime Blockchain Phishing Vulnerability Online Identity Theft Bring Your Own Device Social Media Two-factor Authentication Google Windows Credit Cards Multi-Factor Security Network Business Computing Managed IT Hosted Computing Passwords Holiday Practices Botnet Smartphones Software Tips Data Storage Software Comparison IT Services IT Management

Newsletter Sign Up