XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like XFER are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to XFER at 734-927-6666 / 800-Get-XFER.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, January 17 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Workplace Tips Software Business Computing Managed Service Provider Hosted Solutions Hackers Data Small Business Google Hardware Mobile Devices Productivity VoIP Mobile Office Malware Email Gadgets Quick Tips Network Security Efficiency Network Innovation IT Support Business IT Services Social Media Business Management Business Continuity Smartphones Server Miscellaneous Upgrade Communication Virtualization Disaster Recovery User Tips Windows Communications Data Backup Computer Microsoft Office Managed IT Services Users Smartphone Browser Mobile Device Management Data Recovery Passwords Android Holiday WiFi Marketing Save Money Alert Ransomware Tech Term Outsourced IT Internet of Things BDR Cybercrime Vendor Management Mobile Computing Windows 10 Router Cloud Computing Chrome Operating System Remote Monitoring Bring Your Own Device Apple BYOD Information Technology Computers Artificial Intelligence Automation Avoiding Downtime Spam History Best Practice Cybersecurity Big Data Remote Computing Going Green IT Solutions The Internet of Things Firewall Telephone Systems VPN Current Events Managed IT Services IT Consultant Application Printer Collaboration Trending Hacking Facebook Social Engineering Phone System Health Employer-Employee Relationship Wireless Technology Proactive IT Budget Mobility Excel App Productivity Bandwidth Windows 10 Money Office Lithium-ion Battery Content Filtering Maintenance Windows 8 Two-factor Authentication Business Intelligence Mobile Device How To Recovery Unified Threat Management Phishing Business Managament IT Support Networking iPhone Office 365 Mouse Fax Server Applications Settings Blockchain Word Antivirus Information Google Drive Data Security Apps Analytics Managed IT User Error PowerPoint Humor Website Outlook Tutorials Private Cloud Value Customer Relationship Management Sports Virus Redundancy Law Enforcement Gmail Training Hard Drives Encryption Data Protection Access Control Retail Human Resources Administration Machine Learning Tech Support Saving Time Scam Digital Payment Analysis Network Congestion Hacker Identity Theft Social Networking Computer Repair Voice over Internet Protocol Downtime Managed Service File Sharing Memory Save Time IT Management Connectivity Servers Conferencing Administrator Wi-Fi Office Tips Compliance Tablet Data Management Search Flexibility Software as a Service Vulnerability Twitter Entertainment Inbound Marketing Document Management Social Streaming Media Risk Management Work/Life Balance Data Breach Update Statistics Smart Tech Environment Wireless Physical Security Touchscreen Cleaning Password Telephony Biometrics Skype Public Cloud Workers Comparison Programming SaaS Google Docs IT service Windows 7 Botnet Running Cable Augmented Reality Intranet Data loss Video Surveillance Wearable Technology Data storage Paperless Office eWaste Internet Exlporer Spam Blocking Credit Cards Robot Best Available Piracy PDF USB Display IBM HaaS End of Support Bluetooth Leadership Safety Government CES People Virtual Assistant YouTube Fraud Meetings Samsung Computer Accessories IT Plan OneNote Webinar DDoS Content Management Telephone System Online Currency Data Storage Infrastructure Point of Sale Solid State Drive Unsupported Software Recycling Instant Messaging Keyboard Education Help Desk Black Market Wire Distributed Denial of Service Microchip Files Print Server Work Station Chromecast Audit Windows Server 2008 Amazon Web Services Gaming Console Content Filter Camera Cameras Password Manager nternet Crowdfunding Cryptocurrency Netflix Software Tips Remote Work Remote Support Root Cause Analysis Unified Communications Notifications Vendor Licensing Authentication MSP Company Culture Smart Office Colocation Supercomputer WIndows 7 Staff Law Firm IT Insurance Laptop Computer Fan Virtual Reality Online Shopping Storage SharePoint Printer Server Shortcut Business Mangement Safe Mode Shadow IT Worker Commute Start Menu Theft LinkedIn HVAC Macro Security Cameras Hybrid Cloud Data Warehousing User Specifications Nanotechnology Remote Worker Regulations Bloatware Evernote Net Neutrality Co-managed IT IaaS Search Engine Computing Infrastructure Knowledge Managing Stress Domains Digital Signature Practices Touchpad FENG Addiction Virtual Private Network Relocation Travel Criminal Accountants Business Technology Legal Patch Management HBO Science Windows 8.1 Update Webcam Monitor Screen Mirroring Mobile Cortana Enterprise Content Management 360 Emails Millennials Wiring Entrepreneur Wireless Charging Students Bing Multi-Factor Security Strategy Debate Hosted Computing Proactive Electronic Medical Records Cache Project Management Business Owner PC Care Windows 10s Frequently Asked Questions Tablets Devices GDPR Reputation Charger Cast Windows Media Player Professional Services Virtual Desktop Google Apps 3D Password Management Hiring/Firing Workforce Scheduling Flash Cost Management Fiber-Optic eBay Healthcare Shortcuts Internet exploMicrosoft HIPAA Lifestyle Inventory Remote Monitoring and Maintenance Hiring/Firing Wireless Internet Warranty Alerts IoT NarrowBand Upgrades Tip of the week Analyitcs Amazon Thought Leadership E-Commerce Customers Computer Care Tools Customer Service NIST Uninterrupted Power Supply Hosted Solution Telecommuting Sync Cables Text Messaging Electronic Health Records eCommerce Advertising Consultant IT Security Line of Business Thank You Regulation Scalability Smart Technology Loyalty Books Experience Utility Computing Content Congratulations How to Two Factor Authentication Printers Techology Emergency Worker Music Audiobook Assessment Rootkit Employee/Employer Relationship Politics Television Transportation Troubleshooting Webinar Smartwatch Battery Automobile Public Computer Video Games Benefits IT solutions Employer Employee Relationship CrashOverride

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *