XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like XFER are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to XFER at 734-927-6666 / 800-Get-XFER.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 24 February 2018
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Microsoft Privacy Internet Cloud Saving Money Backup Software Best Practices Managed Service Provider Workplace Tips Small Business Business Computing Mobile Office Hackers Google Productivity Hardware Mobile Devices Data Hosted Solutions VoIP Gadgets Quick Tips Email IT Support Malware Efficiency Network Social Media Business Management Business Continuity Server Smartphones Business Virtualization Upgrade Miscellaneous Innovation IT Services Disaster Recovery Windows Communication Network Security Users Microsoft Office Computer Managed IT Services Mobile Device Management Communications Marketing Android User Tips Passwords Holiday WiFi Browser Save Money Vendor Management Smartphone Alert Remote Monitoring Mobile Computing Windows 10 Operating System Avoiding Downtime Data Backup Bring Your Own Device Apple Information Technology IT Solutions The Internet of Things Telephone Systems Going Green BYOD History Remote Computing Computers Outsourced IT Ransomware Chrome Cybercrime Current Events Best Practice Trending Phone System Hacking IT Consultant Health Spam Application Firewall Wireless Technology Social Engineering Employer-Employee Relationship Big Data BDR App Lithium-ion Battery Collaboration Automation Cloud Computing Proactive IT Data Recovery Excel VPN Printer Router Office Budget iPhone Recovery Facebook Managed IT Services Content Filtering Bandwidth Money Internet of Things Windows 8 Two-factor Authentication Mobility Business Managament Cybersecurity How To Fax Server Maintenance Mouse Private Cloud Hard Drives Outlook Networking Antivirus Unified Threat Management PowerPoint User Error Customer Relationship Management Artificial Intelligence Humor Value Tutorials Virus Gmail Business Intelligence Analytics Downtime Network Congestion Inbound Marketing Redundancy Search Law Enforcement Digital Payment Office 365 Computer Repair Retail Saving Time Tech Support Windows 10 Memory Conferencing Save Time Data Security Data Management Tablet Website Administration Office Tips Risk Management Social Networking Compliance Flexibility Apps Google Drive Phishing Managed IT Data Protection Computer Accessories eWaste IT service Hacker CES PDF Best Available Wi-Fi Vulnerability Safety Word Comparison Bluetooth Data Storage Government Samsung Robot Sports Touchscreen DDoS Meetings Online Currency Productivity Twitter Solid State Drive Workers Point of Sale Black Market IT Management Entertainment Programming IT Plan SaaS Environment Running Cable Data storage IBM Wearable Technology Unsupported Software Internet Exlporer Administrator Scam Work/Life Balance OneNote End of Support Training HaaS Social People Identity Theft Data Breach Credit Cards Document Management Recycling Mobile Device Webinar Streaming Media Statistics Video Surveillance Physical Security Wireless Public Cloud Skype Spam Blocking Piracy Settings Human Resources Intranet Leadership Biometrics WIndows 7 Wireless Charging Keyboard Cast Relocation Charger 3D Amazon Web Services Windows 8.1 Update Windows Server 2008 IT Support Worker Commute Co-managed IT Managing Stress Fiber-Optic Debate Computer Care Domains Science Online Shopping Content Management Windows 7 Audit Botnet Specifications Cables Data Warehousing Uninterrupted Power Supply Tablets Evernote Blockchain Gaming Console Regulations Computer Fan Virtual Desktop Windows Media Player Travel Millennials Unified Communications IT Security Education 360 Files Distributed Denial of Service Cleaning Analyitcs Staff Upgrades Electronic Medical Records Servers Password nternet Crowdfunding Business Owner FENG Customer Service Consultant Workforce Theft Colocation Shadow IT Digital Signature Company Culture Hiring/Firing Flash Emails Software as a Service Cameras Telecommuting Cortana Licensing Hosted Solution Computing Infrastructure PC Care IaaS Virtual Reality Net Neutrality Sync Legal Update Macro File Sharing eBay Monitor Shortcut Printer Server User Remote Work Google Apps Scheduling Display Software Tips Alerts YouTube Bloatware Telephony Google Docs Text Messaging Reputation USB Infrastructure Work Station Internet exploMicrosoft Netflix NarrowBand Entrepreneur Start Menu Voice over Internet Protocol Root Cause Analysis Customers Encryption Password Manager Hiring/Firing Patch Management HBO Advertising Supercomputer Chromecast Cost Management Mobile Multi-Factor Security Print Server Data loss Notifications Fraud Business Mangement Frequently Asked Questions Help Desk Remote Support Knowledge Laptop Instant Messaging Professional Services Lifestyle Law Firm IT HIPAA Screen Mirroring SharePoint Amazon Criminal Webcam Tip of the week Augmented Reality Hybrid Cloud LinkedIn Windows 10s Touchpad Tools Smart Technology Experience Two Factor Authentication Battery Music Loyalty Applications Troubleshooting Assessment Thank You Techology Automobile Television Congratulations Webinar Books Public Computer IT solutions Content CrashOverride Employer Employee Relationship Emergency Video Games Audiobook Scalability Politics Worker Transportation How to Rootkit Benefits

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *