BNMC Blog

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like BNMC, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, November 18 2018

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Best Practices Email Cloud Privacy Malware Business Hackers Business Computing Software Network Security Internet Microsoft Computer Google IT Services Tech Term Hosted Solutions Ransomware Mobile Devices User Tips Efficiency Smartphone Communication Data Small Business Managed IT Services Android Backup Business Continuity Data Management Hardware IT Support Windows 10 Windows Internet of Things Browser Innovation Cloud Computing Productivity Data Recovery Saving Money Managed IT Services Productivity Data Backup Cybersecurity App Upgrade Disaster Recovery Encryption Business Management Passwords Artificial Intelligence Office 365 Gmail Facebook Word Server Microsoft Office Remote Monitoring Workplace Tips Website Windows 10 Analytics communications Infrastructure Applications Tip of the week Smartphones Network Chrome Outsourced IT Managed Service Provider Vulnerability Phishing BYOD Money IT Support Employer-Employee Relationship Save Money Content Filtering Robot Bandwidth Office Tips Miscellaneous Big Data Antivirus Government Settings Data storage Maintenance Company Culture YouTube IT Management Mobile Device Risk Management Google Drive Social Media Mouse Paperless Office Automation HIPAA Apple Laptop End of Support Education Unified Threat Management Managed Service The Internet of Things Virtual Reality Storage Data loss Mobile Security Telephone Systems Two-factor Authentication VoIP desktop Avoiding Downtime Information Business Intelligence Scam SaaS Firewall Holiday Spam Alert Computing Outlook Wireless VPN Operating System Users Access Control Display WiFi LiFi Managing Stress Data Security Server Management Hosted Solution Business Technology Administration Virtual Private Network Vendor Management Development Touchscreen Monitors Alerts USB Managed IT Smart Technology Spying Dell Motherboard Cables Quick Tips Running Cable Techology Chromebook Statistics Buisness Tablet Social Engineering Apps Analysis Cabling Identity Continuity How To Lenovo Cryptocurrency Human Error WannaCry Fraud Cost Management IT solutions Going Green Google Maps Smart Office Mail Merge Virtual Desktop Blockchain Websites Google Docs Screen Reader Charging Sports Downloads Licensing Dongle Shortcut Distributed Denial of Service Employee-Employer Relationship Wires VoIP Unified Threat Management Hacks Bluetooth Comparison Safety Google Wallet Solar Firefox Superfish Bitcoin Device Assessment Remote Computing Printing Work Address Permissions Business Growth LED Smart Tech Digital Payment Cooperation Service Level Agreement Patch Management Managed IT Service Legal PowerPoint Router Voice over Internet Protocol User Error Network Congestion Password Downtime Specifications Unified Communications Drones Disaster Compliance Customer Relationship Management Cybercrime Windows 8 Digital Hotspot Internet Exlporer Writing Collaboration IT Technicians Optimization Wi-Fi Hacker Co-Managed IT Connectivity Marketing Heating/Cooling Multi-Factor Security Staff Leominster Break Fix Deep Learning Onboarding Modem FinTech Gadgets Time Management Printer Computers Mobile Device Management Search Black Friday Slack Uninterrupted Power Supply Regulations Networking Dark Data Update Document Management Spyware Language Value Retail File Sharing Mirgation Recycling Emergency Alt Codes Computer Care Content IBM IoT Servers Google Calendar Augmented Reality K-12 Schools Dark Web Bring Your Own Device Politics Digital Signage Solid State Drive Cookies MSP Network Management Halloween Professional Services Cyber Monday Budget Monitoring Social Networking Customer Service Social Identity Theft Computing Infrastructure Legislation Office Samsung Information Technology Chatbots eWaste Typing Humor Training Streaming Corporate Profile Star Wars Current Events Automobile Wearable Technology Network upgrade Microsoft Excel Best Practice Tech Support Troubleshooting Hard Disk Drive Nanotechnology Scary Stories SharePoint Law Enforcement Supercomputer CrashOverride Notifications Motion Sickness Electronic Medical Records Staffing Twitter Administrator Physical Security Taxes Printers Upgrades Gadget Web Server what was your? BDR Emoji IT Budget Crowdsourcing GPS Personal Information Botnet IT Consultant Regulation 3D Printing Cameras Cortana Meetings Tracking Processors Machine Learning Cleaning Unsupported Software CCTV Virtualization Webcam Computer Repair Relocation Error Mobile Data Mobile Computing How To Work/Life Balance Point of Sale Ben McDonald shares Recovery Travel Health Private Cloud Black Market G Suite

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3