BNMC Blog

By accepting you will be accessing a service provided by a third-party external to https://www.bnmc.net/

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like BNMC, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, May 29 2020

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Productivity Business Computing Privacy User Tips Cloud Network Security Email Hosted Solutions Microsoft Software Hackers Computer Malware Efficiency Business Communication Small Business Data Google Workplace Tips IT Services Mobile Devices IT Support Cloud Computing Hardware Tech Term Managed IT Services Internet Data Recovery Backup Ransomware Innovation Outsourced IT Users Smartphone Smartphones Android Upgrade Saving Money Mobile Device Windows Data Backup Miscellaneous Business Management VoIP Server Facebook Phishing communications Microsoft Office Business Continuity Information Disaster Recovery Windows 10 Productivity Office 365 Managed IT Services Social Media Cybersecurity Network Browser Internet of Things Data Management Windows 10 Passwords Gadgets Word Vulnerability Remote Monitoring App Gmail Mobile Office Chrome Apps Managed Service Artificial Intelligence Quick Tips Encryption Infrastructure Company Culture Tip of the week Settings Virtual Reality Managed Service Provider Networking Analytics VPN Employer-Employee Relationship Access Control BYOD Website Remote Workers Applications Router Money IT Support Save Money WiFi Automation Avoiding Downtime Information Technology Antivirus Google Drive Maintenance Collaboration Firewall Content Filtering Bandwidth Development Government Apple Education YouTube Computers Storage Employee-Employer Relationship HIPAA IT Management Data Security Risk Management BDR Display Paperless Office Office Tips Virtual Private Network Hacker Data storage Big Data Robot Unified Threat Management Bring Your Own Device Operating System Telephone Systems LiFi desktop Social Downtime Two-factor Authentication Managed IT Service Humor Marketing Hosted Solution End of Support Best Practice Augmented Reality Customer Relationship Management Scam Administration MSP Mouse Remote Computing iOS Managing Stress Break Fix Document Management Search Going Green SaaS Solid State Drive Conferencing Wi-Fi Wireless Virtualization Managed Services Holiday IT Printing Retail Alert Hard Disk Drive Business Technology Social Network Password Server Management Mobile Security OneNote Touchscreen Managed IT Data Breach Tablet Laptop Windows 7 Monitors The Internet of Things Software as a Service Vendor Management Business Intelligence Outlook Data loss Spam Computing Chromebook Bluetooth Comparison Social Engineering Messaging Staff Leominster Firefox Superfish Logistics Content Huawei Modem FinTech Budget Cybercrime Entertainment Vendor Language Value Address Permissions Websites Digital Payment Digital Signage Data Warehouse Regulations Disaster Shortcuts Mobile Management IoT Patch Management Typing Digital Monitoring Solid State Drives Mirgation Recycling User Error Inventory Specifications Safety Employee-Employer Relationships K-12 Schools Asset Management Current Events Streaming Processor Cookies Hybrid Cloud Computing Infrastructure Professional Services Troubleshooting Business Analysis Social Networking Heating/Cooling Multi-Factor Security Uninterrupted Power Supply Security Cameras Profiles Star Wars Cryptocurrency Spyware Spying National Security Chatbots eWaste Time Management Printer Shadow IT Network Congestion Nanotechnology Black Friday Google Docs Computer Care IBM Halloween Analysis Students Wearable Technology Network upgrade IT solutions Memes File Sharing Human Error Memory Writing Scalability Alerts USB Emergency Hacks Virus Motherboard Cables Servers Google Calendar Utility Computing Fraud Cost Management Dark Web Bitcoin Identity Theft Updates Identity Continuity Network Management Gamification Google Wallet Screen Reader Charging Cyber Monday Business Growth Training Corporate Profile Scary Stories Mixed Reality Smart Office Dark Data Update Device Reducing Cost Legal G Suite Running Cable Migration Consulting Licensing Dongle Automobile LED Threats Wires Legislation Dell Laptops Assessment Microsoft Excel Windows 8 Politics Buisness PowerPoint Solar SharePoint Unified Communications COVID-19 Drones Batteries Smart Tech Smart Technology Work/Life Balance WannaCry Sports Work Techology Holidays Customer Service Cabling Virtual Desktop Mobility Deep Learning Office Samsung Cooperation Service Level Agreement How To Lenovo Distribution Mobile Device Management Health Private Cloud Google Maps Co-Managed IT Voice over Internet Protocol Statistics Remote Work Managed Services Provider Hotspot Internet Exlporer Mail Merge Blockchain Tech Support Onboarding GDPR Compliance Downloads Print Toner Myths Connectivity Shortcut Distributed Denial of Service Alt Codes Slack Hard Disk Drives IT Technicians Optimization VoIP Unified Threat Management Payment Card Notifications IT Consultant Mobile Computing Electronic Medical Records Twitter Cameras Physical Security Upgrades Gadget Tracking Emoji Meetings Crowdsourcing Cleaning CCTV Personal Information Botnet Cortana Webcam 3D Printing Processors Error Machine Learning Printers Point of Sale Ben McDonald shares Unsupported Software Travel Computer Repair Relocation Mobile Data Supercomputer CrashOverride Regulation How To Staffing Recovery Motion Sickness Taxes Administrator Financial Black Market Web Server what was your? IT Budget Law Enforcement GPS

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3