XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like XFER are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to XFER at 734-927-6666 / 800-Get-XFER.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 27 May 2018
If you'd like to register, please fill in the username, password and name fields.

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Saving Money Backup Best Practices Software Managed Service Provider Workplace Tips Business Computing Small Business Hackers Google Mobile Office Hosted Solutions Productivity Data Hardware Mobile Devices VoIP Quick Tips Gadgets Email Malware IT Support Efficiency Network Social Media Business Management Business Continuity IT Services Server Virtualization Business Smartphones Network Security Miscellaneous Innovation Upgrade Windows Disaster Recovery Communication Managed IT Services Users Microsoft Office Communications Mobile Device Management Computer User Tips Android Passwords Smartphone Marketing Browser Alert Holiday WiFi Vendor Management Data Backup Save Money Cybercrime Remote Monitoring Windows 10 Operating System Mobile Computing Ransomware Bring Your Own Device Apple BYOD Information Technology Computers Avoiding Downtime Big Data Remote Computing Going Green Cloud Computing IT Solutions Current Events The Internet of Things Best Practice History Data Recovery Outsourced IT VPN Telephone Systems Chrome Hacking Automation Phone System Social Engineering Spam Firewall Wireless Technology Employer-Employee Relationship Router Internet of Things IT Consultant Health Trending BDR Application Collaboration App Bandwidth Printer Lithium-ion Battery Proactive IT Office Cybersecurity Budget Excel Tech Term iPhone Money Managed IT Services Facebook Content Filtering Business Intelligence Business Managament How To Two-factor Authentication Mobility Fax Server Maintenance Artificial Intelligence Recovery Windows 8 Value Private Cloud Redundancy Customer Relationship Management Data Protection Law Enforcement Website Hard Drives Mouse User Error Networking Humor Gmail Outlook Antivirus Data Security Tutorials Virus Analytics Apps Managed IT PowerPoint Unified Threat Management Phishing Tablet Search Save Time Data Management Twitter Vulnerability Office Tips Streaming Media Risk Management Inbound Marketing Office 365 Compliance Flexibility Administration Identity Theft Saving Time Retail Mobile Device Digital Payment Google Drive Social Networking Downtime Computer Repair Memory Productivity Network Congestion Conferencing Windows 10 Tech Support Computer Accessories Meetings Robot Sports Scam Unsupported Software OneNote Infrastructure Online Currency Point of Sale Training DDoS Recycling Document Management Social Update Data Storage Solid State Drive Black Market Statistics Word Encryption Work/Life Balance Data Breach Comparison Skype Touchscreen Wireless Physical Security Entertainment Programming Cleaning Workers Smart Tech Public Cloud Environment Running Cable SaaS Settings Intranet Human Resources Wearable Technology Webinar Video Surveillance Credit Cards Data storage Biometrics Data loss IT Management IT service Internet Exlporer Hacker Best Available eWaste Spam Blocking Piracy Bluetooth IBM CES PDF IT Plan Safety Wi-Fi People Leadership HaaS End of Support Administrator Samsung Government USB 3D Tip of the week Amazon Reputation Hosted Computing Scheduling Charger Software as a Service Cast Content Management HIPAA IT Support Telecommuting Entrepreneur Hiring/Firing Tools Internet exploMicrosoft Cache Macro eBay NarrowBand Tablets Alerts Sync Cables Devices Co-managed IT Hiring/Firing Hosted Solution Windows Server 2008 Amazon Web Services Customers Inventory Windows Media Player Virtual Desktop IT Security Education Computer Care Uninterrupted Power Supply Blockchain Text Messaging Keyboard Software Tips Remote Work IoT Applications Cost Management Print Server Password Manager Advertising Wireless Internet Chromecast Upgrades Analyitcs nternet Crowdfunding Work Station Telephony Distributed Denial of Service Audit Unified Communications Files Thought Leadership Remote Support Gaming Console Windows 7 Netflix Online Shopping Access Control Customer Service Google Docs Staff Password Instant Messaging Law Firm IT Botnet Notifications Root Cause Analysis Business Mangement Consultant Company Culture Data Warehousing Supercomputer Specifications Laptop Start Menu Computer Fan Theft Colocation Content Filter Augmented Reality LinkedIn Regulations SharePoint Evernote Authentication Cameras Voice over Internet Protocol Shadow IT Digital Signature HBO Insurance Travel Criminal Hybrid Cloud Licensing Net Neutrality Knowledge Millennials Touchpad Analysis Virtual Reality File Sharing Help Desk Mobile IaaS FENG Cortana Computing Infrastructure Storage WIndows 7 Windows 8.1 Update Strategy Legal Patch Management Servers Wireless Charging Relocation Nanotechnology Printer Server Shortcut Display Webcam Multi-Factor Security 360 Frequently Asked Questions Emails Fraud Monitor Practices Worker Commute Debate Screen Mirroring User Workforce Accountants Bloatware Electronic Medical Records Professional Services Google Apps Addiction Managing Stress Domains Business Owner Lifestyle YouTube Science PC Care Flash Windows 10s Fiber-Optic Connectivity Troubleshooting Webinar Battery Automobile Public Computer Video Games Benefits IT solutions Employer Employee Relationship CrashOverride Scalability Smart Technology Books Loyalty Experience Wire Content How to Two Factor Authentication Techology Emergency Music Worker Audiobook Thank You Assessment Rootkit Politics Television Congratulations Transportation

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *