XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like XFER are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to XFER at 734-927-6666 / 800-Get-XFER.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, August 18 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Saving Money Best Practices Backup Software Managed Service Provider Workplace Tips Business Computing Small Business Productivity Data Hosted Solutions Hackers Google Mobile Office Hardware Mobile Devices VoIP Gadgets Email Quick Tips Malware Network Efficiency IT Support Social Media Business Management Innovation Miscellaneous Business Continuity Smartphones Network Security IT Services Server Business Virtualization Upgrade Windows Disaster Recovery Communication Microsoft Office Managed IT Services Communications Computer Users Passwords Mobile Device Management User Tips Data Backup Android Browser Smartphone Marketing Alert WiFi Holiday Save Money Vendor Management Data Recovery Tech Term Windows 10 Ransomware Cybercrime Operating System Mobile Computing Remote Monitoring Outsourced IT Bring Your Own Device Cloud Computing Apple BYOD Internet of Things Computers Information Technology BDR Avoiding Downtime Big Data Remote Computing Router Current Events IT Solutions Going Green Chrome Best Practice The Internet of Things History Automation VPN Telephone Systems Spam Cybersecurity Wireless Technology IT Consultant Application Health Trending Collaboration Hacking Artificial Intelligence Social Engineering Employer-Employee Relationship Firewall Phone System Facebook Proactive IT Lithium-ion Battery Budget Bandwidth Excel App Managed IT Services Money Printer Office Two-factor Authentication How To Business Managament Business Intelligence Content Filtering Mobility Recovery Fax Server Maintenance Windows 8 Networking iPhone Humor Redundancy Mouse Law Enforcement Outlook Data Protection Tutorials Office 365 Antivirus Virus Applications Analytics Apps Data Security Phishing PowerPoint Unified Threat Management Website Managed IT Value Gmail Customer Relationship Management User Error Private Cloud Hard Drives Data Management Inbound Marketing Retail Blockchain Word Saving Time Productivity Administration Network Congestion Mobile Device Social Networking Identity Theft Downtime Digital Payment Computer Repair Windows 10 File Sharing Memory Save Time Google Drive Tech Support Conferencing Analysis Office Tips IT Management IT Support Vulnerability Compliance Tablet Sports Search Twitter Flexibility Document Management Entertainment Connectivity Streaming Media Risk Management Infrastructure Social Settings Unsupported Software Statistics Workers Environment DDoS Human Resources Biometrics Update Skype Solid State Drive Programming Encryption Data loss IT service Black Market Touchscreen Augmented Reality Intranet Comparison Running Cable Hacker Webinar Spam Blocking Cleaning Password Access Control Windows 7 Wireless Wearable Technology Physical Security Public Cloud Smart Tech SaaS Video Surveillance Machine Learning Robot Best Available USB Information Credit Cards Bluetooth Data storage IBM OneNote People Piracy Leadership Internet Exlporer Samsung Administrator Scam Servers eWaste CES PDF Data Storage Paperless Office HaaS Online Currency End of Support IT Plan Safety Wi-Fi Computer Accessories Government Point of Sale YouTube Work/Life Balance Data Breach Recycling Training Instant Messaging Content Management Meetings Education Tools Internet exploMicrosoft Virtual Assistant Root Cause Analysis Telecommuting Print Server Cache Remote Support Password Management Computer Fan Cameras nternet NarrowBand Crowdfunding Devices Supercomputer Text Messaging Sync Cables Work Station Uninterrupted Power Supply Inventory Remote Monitoring and Maintenance Gaming Console Licensing Windows Server 2008 Amazon Web Services Customers Healthcare Password Manager Company Culture Advertising IoT Telephone System WIndows 7 Software Tips Remote Work Law Firm IT Wireless Internet Virtual Reality Distributed Denial of Service Files NIST FENG Printer Server Shortcut Chromecast Thought Leadership Knowledge Telephony Unified Communications Patch Management Worker Commute Google Docs Staff LinkedIn Line of Business User Online Shopping Electronic Health Records Botnet Business Mangement Notifications Net Neutrality Screen Mirroring Managing Stress Domains Help Desk Wire 360 Emails Bloatware Windows 8.1 Update Colocation Cryptocurrency Electronic Medical Records Data Warehousing Specifications Laptop Content Filter Science Start Menu Theft Windows 10s Voice over Internet Protocol Digital Signature Shadow IT Authentication MSP Business Owner Regulations Evernote SharePoint Display Entrepreneur Travel Criminal Hybrid Cloud Insurance Webcam Charger Cast HBO Debate Smart Office Cortana IaaS Computing Infrastructure Safe Mode Hiring/Firing Millennials Touchpad Storage HIPAA Tablets Mobile HVAC Windows Media Player Virtual Desktop Multi-Factor Security Strategy Legal Nanotechnology Hiring/Firing Wireless Charging Relocation Cost Management Macro Practices Managed Service Computer Care Frequently Asked Questions Fraud Monitor Hosted Solution PC Care Professional Services Google Apps Accountants Business Technology Scheduling Workforce Addiction Keyboard 3D Upgrades Analyitcs Co-managed IT Enterprise Content Management Audit Customer Service Lifestyle eBay Flash Fiber-Optic Netflix Alerts Software as a Service Hosted Computing Proactive Consultant Tip of the week Amazon IT Security Reputation Students Battery Experience Two Factor Authentication Video Games Content Emergency Worker Music Scalability Audiobook Assessment Regulation Rootkit Thank You How to Politics Transportation Techology Television Troubleshooting Webinar Congratulations Benefits Remote Worker Automobile Public Computer IT solutions Employer Employee Relationship CrashOverride Smart Technology Wiring Loyalty Books

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *