Bredy Network Management Corporation Blogs

3 minutes reading time (636 words)

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like BNMC, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 26 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Email Malware Privacy Hackers Business Computing Internet Software Hosted Solutions Ransomware Business Microsoft Network Security Google Computer Smartphone Mobile Devices Android IT Services Managed IT Services Windows Data Management Backup Hardware Windows 10 Browser Small Business Innovation Internet of Things Cloud Computing Tech Term App Business Continuity Data IT Support Artificial Intelligence Encryption User Tips Server Remote Monitoring Saving Money Data Recovery Gmail Infrastructure Business Management Productivity Smartphones IT Support Tip of the week Managed Service Provider Outsourced IT Phishing Data Backup Productivity Vulnerability Efficiency Cybersecurity Office 365 Office Tips Government Disaster Recovery Data storage Windows 10 Passwords Big Data Managed IT Services Money Settings Chrome Word Facebook Robot Antivirus Google Drive Bandwidth Upgrade Communication Social Media Risk Management IT Management Server Management Business Technology SaaS Virtual Private Network Holiday The Internet of Things Unified Threat Management Network Microsoft Office BYOD Data loss Telephone Systems Alert Spam Computing Outlook Firewall WiFi Two-factor Authentication Maintenance Monitors LiFi Vendor Management Hosted Solution Save Money Scam Administration Workplace Tips Automation Content Filtering Mouse End of Support HIPAA YouTube Employer-Employee Relationship Miscellaneous Virtual Reality Analytics Apple VPN Mobile Security Mobile Device Data Security Applications Paperless Office communications Website Storage Cooperation Service Level Agreement Cabling Printing Legislation Buisness Router WannaCry Business Growth Password Touchscreen SharePoint Writing Sports Compliance Legal Microsoft Excel Wi-Fi Virtual Desktop Hotspot Internet Exlporer Google Maps Quick Tips Techology Computers Laptop IT Technicians Unified Communications Drones Managed IT Smart Technology Connectivity Windows 8 Staff Leominster Statistics Tablet Modem Hacker How To Lenovo Dark Data Downloads Retail Regulations Deep Learning Mail Merge Blockchain Language Value VoIP Unified Threat Management Display Mirgation desktop Shortcut Distributed Denial of Service Politics VoIP IoT Digital Payment Cybercrime Augmented Reality K-12 Schools Disaster Bluetooth Comparison Downtime Cookies Digital Alt Codes Firefox Superfish Customer Service Collaboration Office Samsung Marketing Social Networking Bring Your Own Device Operating System Address Permissions Computing Infrastructure Professional Services Avoiding Downtime User Error Gadgets Chatbots Budget Patch Management Managed IT Service Tech Support Star Wars Social Chromebook Wearable Technology Network upgrade Uninterrupted Power Supply Information Technology Specifications Nanotechnology Document Management Spyware Typing Humor Customer Relationship Management USB File Sharing Current Events Heating/Cooling Multi-Factor Security Social Engineering Motherboard Computer Care IBM Best Practice Alerts Time Management Printer Users Halloween Identity Solid State Drive Break Fix Websites Fraud Cost Management Wireless Apps Search Black Friday Screen Reader Identity Theft Cryptocurrency Networking Licensing Dongle IT solutions Going Green Servers Google Calendar Safety Training Corporate Profile Google Docs Emergency Education Hacks Network Management Access Control Remote Computing Scary Stories Hard Disk Drive Dark Web Assessment Automobile Network Congestion Running Cable Dell Google Wallet Cyber Monday Smart Tech Bitcoin Motion Sickness Staffing Processors Taxes Machine Learning Administrator Virtualization Optimization Web Server what was your? Unsupported Software IT Budget GPS Update Mobile Device Management IT Consultant Computer Repair Relocation Recycling Cameras Mobile Data Meetings How To Work/Life Balance Tracking Recovery Mobile Computing Cleaning Health Private Cloud Black Market eWaste CCTV Webcam Law Enforcement Notifications Electronic Medical Records Twitter Physical Security Error Emoji Smart Office Point of Sale Ben McDonald shares Upgrades Gadget Travel Crowdsourcing BDR G Suite Personal Information Botnet Cortana Work 3D Printing Supercomputer CrashOverride

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      What Our Clients Say

      • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
      • 1
      • 2
      • 3