Bredy Network Management Corporation Blogs

3 minutes reading time (636 words)

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like BNMC, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, August 20 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Cloud Email Privacy Malware Business Computing Hackers Microsoft Software Internet Google Business Computer IT Services Hosted Solutions Ransomware Mobile Devices Network Security Tech Term Managed IT Services Android Backup Smartphone Small Business Efficiency Saving Money User Tips Data Recovery Business Continuity Hardware IT Support Windows Data Management Internet of Things Data Backup Data Cloud Computing Cybersecurity Browser App Innovation Windows 10 Server Facebook Gmail Artificial Intelligence Remote Monitoring Encryption Business Management Chrome Office 365 Word Analytics Outsourced IT Managed Service Provider communications Phishing Vulnerability Productivity Network Money IT Support Disaster Recovery Windows 10 Infrastructure Managed IT Services Productivity Smartphones Communication Tip of the week Settings Antivirus Government Microsoft Office Employer-Employee Relationship YouTube Data storage Social Media IT Management Risk Management Applications Website Office Tips Robot Passwords Big Data Google Drive Bandwidth Content Filtering Upgrade Managing Stress Maintenance Avoiding Downtime Firewall SaaS Apple Scam Storage Workplace Tips Information Holiday Wireless BYOD HIPAA Alert VPN Mobile Security Data Security Mobile Device Server Management Paperless Office Business Technology Vendor Management Spam Computing Virtual Private Network Monitors Outlook Business Intelligence Save Money WiFi LiFi The Internet of Things Hosted Solution Data loss Automation Unified Threat Management Company Culture Administration End of Support Telephone Systems Virtual Reality Mouse VoIP Miscellaneous Two-factor Authentication Social Networking Managed Service IT solutions Going Green Patch Management Managed IT Service Marketing Computing Infrastructure Professional Services Network Congestion Google Docs User Error Collaboration Education Hacks Specifications Gadgets Star Wars Customer Relationship Management Chatbots eWaste Uninterrupted Power Supply Nanotechnology Development Wi-Fi PowerPoint Google Wallet Document Management Spyware Wearable Technology Network upgrade Writing Bitcoin Heating/Cooling Multi-Factor Security Motherboard Cables Printing Break Fix Computer Care IBM Alerts USB Computers Business Growth Time Management Printer File Sharing Password Search Black Friday Solid State Drive Users Fraud Halloween Cost Management Dark Data Legal Networking Identity Continuity Screen Reader Charging Onboarding Unified Communications Drones Emergency Identity Theft Smart Office Retail Windows 8 Servers Google Calendar Wires Slack Politics Dark Web Training Corporate Profile Licensing Dongle Display Hacker Network Management Access Control Cyber Monday Hard Disk Drive Scary Stories Assessment Customer Service Deep Learning Automobile Solar Legislation Dell Running Cable Smart Tech Work Office Samsung Router Voice over Internet Protocol Monitoring Tech Support Microsoft Excel WannaCry Cooperation Buisness Service Level Agreement Alt Codes Touchscreen SharePoint Cabling Virtual Desktop Managed IT Smart Technology Hotspot Sports Internet Exlporer Chromebook Bring Your Own Device Operating System Quick Tips Techology Google Maps Compliance Statistics Tablet Laptop Connectivity Budget How To Lenovo IT Technicians Optimization Social Engineering Social Modem FinTech Spying Websites Information Technology Mail Merge Blockchain Staff Leominster Typing Humor Downloads Regulations Analysis Current Events Shortcut Distributed Denial of Service Language Value Best Practice VoIP Unified Threat Management Bluetooth Comparison desktop IoT Firefox Superfish Digital Payment Mirgation Recycling Safety Cybercrime Cookies MSP Employee-Employer Relationship Apps Address Permissions Digital Augmented Reality Downtime K-12 Schools Remote Computing Cryptocurrency Disaster 3D Printing Cleaning Cortana CCTV Machine Learning Processors Webcam Unsupported Software Virtualization Update Error Point of Sale Ben McDonald shares Computer Repair Relocation BDR Mobile Data Travel Work/Life Balance Mobile Device Management G Suite Recovery How To Regulation Health Private Cloud Supercomputer CrashOverride Staffing Black Market Motion Sickness Law Enforcement Mobile Computing Taxes Administrator Web Server what was your? Electronic Medical Records IT Budget Notifications Physical Security GPS Twitter Upgrades Gadget IT Consultant Emoji Cameras Crowdsourcing Personal Information Botnet Tracking Meetings

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      What Our Clients Say

      • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
      • 1
      • 2
      • 3