Bredy Network Management Corporation Blogs

BNMC has been serving the Andover area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like BNMC, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 19 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Best Practices Cloud Email Privacy Malware Hackers Business Computing Internet Software Microsoft Hosted Solutions Ransomware Android IT Services Business Google Network Security Computer Smartphone Windows Windows 10 Innovation Backup Mobile Devices Small Business Business Continuity Data Browser Internet of Things App Hardware Encryption Data Management Managed IT Services Gmail User Tips Cloud Computing Smartphones Data Recovery Efficiency Saving Money Artificial Intelligence Outsourced IT Tip of the week Productivity IT Support Remote Monitoring Phishing Office 365 Upgrade Business Management Office Tips Word Data storage Big Data Antivirus Money Productivity Cybersecurity Facebook Managed Service Provider IT Support Risk Management Windows 10 Vulnerability Chrome Settings Server Robot Google Drive Virtual Private Network communications Holiday Social Media Telephone Systems Alert Firewall Disaster Recovery Microsoft Office Passwords Data Backup LiFi Outlook HIPAA Employer-Employee Relationship Monitors Mobile Security Save Money Administration Content Filtering Automation Government Business Technology Mouse Analytics Miscellaneous Virtual Reality Communication Infrastructure Unified Threat Management Managed IT Services Apple SaaS Maintenance Network Two-factor Authentication Scam Computing Hosted Solution Mobile Device Bandwidth Workplace Tips IT Management Data Security End of Support Server Management YouTube Microsoft Excel Safety Education Google Docs Quick Tips Scary Stories Staff Data loss Techology Tablet Network Congestion Statistics Website Hacks Blockchain desktop Mail Merge Google Wallet Unified Communications VoIP Sports Business Growth Politics Augmented Reality Wi-Fi Digital Unified Threat Management Comparison Computers Bluetooth Password Collaboration The Internet of Things Samsung Permissions Address Drones Document Management Avoiding Downtime Hacker Tech Support Wearable Technology Spyware User Error Specifications Display File Sharing VoIP Cybercrime Fraud Solid State Drive WiFi Time Management Alt Codes Websites Marketing Printer Black Friday Search Hard Disk Drive Emergency Budget Humor Network Management Typing Applications Access Control Cyber Monday Cabling Current Events Hotspot IT solutions Touchscreen Cryptocurrency IT Technicians How To SharePoint Smart Technology Managed IT Going Green Running Cable BYOD Language Lenovo Firefox Downloads Storage Digital Payment Buisness Bitcoin Mirgation Distributed Denial of Service Writing Disaster Shortcut Virtual Desktop Printing Laptop Computing Infrastructure Superfish Legal Deep Learning Dark Data Windows 8 Managed IT Service Retail Uninterrupted Power Supply Patch Management Computer Care Customer Relationship Management Alerts IBM Spam Multi-Factor Security Bring Your Own Device Customer Service Wireless Heating/Cooling Downtime Break Fix Office Training Gadgets Licensing Vendor Management Corporate Profile Networking Operating System Google Calendar Servers Social Automobile Dark Web Social Engineering Dell VPN Information Technology Paperless Office Halloween Best Practice Users Cooperation WannaCry Apps Legislation Google Maps Processors what was your? Web Server GPS Personal Information Cortana Cameras Tracking Virtualization CCTV Computer Repair Mobile Device Management Notifications How To Identity Theft Health Black Market Mobile Computing Travel Crowdsourcing G Suite Supercomputer Botnet Electronic Medical Records CrashOverride Twitter Motion Sickness Upgrades Taxes IT Budget Machine Learning Remote Computing 3D Printing IT Consultant Relocation Meetings Cleaning Work/Life Balance Unsupported Software Private Cloud Update Webcam Law Enforcement Mobile Data Error Recovery Ben McDonald shares Point of Sale Gadget Chromebook Staffing Physical Security Emoji Administrator

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      What Our Clients Say

      • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
      • 1
      • 2
      • 3