XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like XFER are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to XFER at 734-927-6666 / 800-Get-XFER.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, October 16 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Saving Money Best Practices Backup Software Workplace Tips Managed Service Provider Business Computing Hackers Data Small Business Hosted Solutions Mobile Devices Productivity Hardware Google Mobile Office VoIP Gadgets Email Malware Quick Tips Network Security Network Efficiency IT Support Social Media Innovation Business Management IT Services Miscellaneous Business Continuity Smartphones Server Upgrade Virtualization Business Communication Windows Disaster Recovery Computer Communications Microsoft Office Managed IT Services User Tips Users Data Backup Passwords Mobile Device Management Browser Android Marketing Save Money Smartphone Alert Data Recovery WiFi Holiday Ransomware Vendor Management Tech Term Outsourced IT Mobile Computing Remote Monitoring Internet of Things Windows 10 Operating System Cybercrime Bring Your Own Device Apple BYOD BDR Information Technology Computers Cloud Computing Avoiding Downtime Automation Firewall Big Data Current Events Remote Computing Router IT Solutions Going Green Best Practice History The Internet of Things Telephone Systems Artificial Intelligence Chrome VPN Facebook Phone System Social Engineering Spam Wireless Technology Employer-Employee Relationship IT Consultant Health Trending Application Cybersecurity Collaboration Hacking Money Proactive IT Lithium-ion Battery Office Budget Managed IT Services Excel App Bandwidth Printer iPhone Networking Windows 10 Business Managament Business Intelligence Content Filtering Fax Server Two-factor Authentication Mobility Maintenance Windows 8 Unified Threat Management Recovery How To Applications Website Customer Relationship Management Training Humor Hard Drives Outlook Phishing Mouse Tutorials Data Security Gmail Virus Antivirus Managed IT Analytics Apps PowerPoint Private Cloud Redundancy Law Enforcement Value Office 365 Sports Data Protection User Error Productivity Connectivity Word Office Tips Document Management Streaming Media Risk Management Compliance Inbound Marketing Identity Theft Flexibility Google Drive Entertainment Saving Time IT Support Retail Settings Vulnerability Administration Mobile Device IT Management Digital Payment Social Networking Downtime Computer Repair File Sharing Memory Network Congestion Tech Support Information Conferencing Data Management Scam Analysis Tablet Search Save Time Encryption Blockchain Twitter Point of Sale Spam Blocking Recycling Wireless Physical Security Education Cleaning Password Comparison Windows 7 Social Statistics Public Cloud Virtual Assistant SaaS Skype Programming Data storage Instant Messaging Webinar OneNote Touchscreen Telephone System Environment Credit Cards Running Cable Augmented Reality Intranet Data Storage Access Control eWaste Wearable Technology Internet Exlporer Human Resources Servers Biometrics PDF Smart Tech Safety Wi-Fi Fraud Work/Life Balance Data Breach HaaS End of Support IT service CES Video Surveillance Best Available Government Machine Learning YouTube IT Plan Hacker Meetings Workers Bluetooth IBM People Content Management Piracy Leadership Samsung DDoS Infrastructure Administrator Unsupported Software Managed Service Robot Paperless Office Solid State Drive USB Data loss Black Market Update Computer Accessories Online Currency Software Tips Tablets Remote Work Wiring Distributed Denial of Service Files Password Manager Patch Management eBay Enterprise Content Management Chromecast Screen Mirroring Hosted Computing Alerts Proactive Windows Media Player Telephony Virtual Desktop Unified Communications 360 Emails Students IT Security Hiring/Firing Cost Management Online Shopping Cache Project Management Print Server Notifications Google Docs Staff Electronic Medical Records Upgrades Analyitcs Business Owner Devices GDPR nternet Crowdfunding Colocation Botnet Business Mangement Windows 10s Text Messaging Password Management Remote Support Laptop Charger Cast Inventory Work Station Remote Monitoring and Maintenance SharePoint Start Menu Customer Service Theft Gaming Console Healthcare Shadow IT Data Warehousing Specifications Company Culture Regulations Evernote HIPAA Wireless Internet Warranty Law Firm IT Hybrid Cloud Consultant Voice over Internet Protocol Digital Signature Hiring/Firing IoT HBO Thought Leadership E-Commerce IaaS Computing Infrastructure Travel Criminal NIST Touchpad Computer Care Line of Business LinkedIn Relocation Cameras Help Desk Mobile Cortana Hosted Solution Electronic Health Records Legal Millennials Net Neutrality Monitor Wireless Charging Keyboard Wire Licensing Multi-Factor Security Strategy Frequently Asked Questions Virtual Reality Content Filter Camera WIndows 7 Audit Cryptocurrency Windows 8.1 Update Authentication MSP Printer Server Professional Services Shortcut Google Apps Netflix Display Workforce Insurance Reputation Worker Commute Flash Fiber-Optic Webcam Smart Office Debate User Lifestyle Root Cause Analysis Tip of the week Bloatware Amazon Supercomputer Storage Internet exploMicrosoft Managing Stress Software as a Service Domains Computer Fan Safe Mode Macro Telecommuting Nanotechnology Remote Worker Tools HVAC NarrowBand Science PC Care Practices Customers Sync Cables Uninterrupted Power Supply Co-managed IT Windows Server 2008 Entrepreneur Amazon Web Services Knowledge Scheduling Addiction Virtual Private Network Advertising FENG 3D Accountants Business Technology Assessment Scalability Rootkit Politics Television Transportation How to Troubleshooting Webinar Techology Automobile Public Computer Benefits IT solutions Regulation Thank You Employer Employee Relationship CrashOverride Smart Technology Loyalty Books Congratulations Experience Battery Content Printers Two Factor Authentication Emergency Video Games Music Worker Audiobook

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *
      • Company Name *
      • Number of Participants *
      • First Name *
      • Last Name *
      • Phone *
      • Yes, subscribe me to: