BNMC Blog

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like BNMC, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, February 17 2019

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Email Cloud Privacy Business Computing Malware Network Security Hackers Productivity Google Software Tech Term Business User Tips Computer Microsoft Internet Mobile Devices IT Services Hosted Solutions Efficiency Communication Ransomware Small Business IT Support Android Data Hardware Smartphone Innovation Managed IT Services Backup Saving Money Windows 10 Cloud Computing Browser Windows Internet of Things Workplace Tips Data Recovery Data Management Managed IT Services Business Continuity Productivity Data Backup Cybersecurity Server Business Management Microsoft Office App Disaster Recovery Encryption Passwords Mobile Device Vulnerability Remote Monitoring Facebook Phishing Office 365 Upgrade Windows 10 Gmail Word Artificial Intelligence Outsourced IT Network Tip of the week Money Employer-Employee Relationship IT Support VoIP Smartphones Chrome Managed Service Provider Applications Users Infrastructure BYOD Analytics communications Information Website Data storage Save Money Robot Big Data Antivirus Automation Settings Virtual Reality Paperless Office Access Control Google Drive Router IT Management Government Content Filtering Employee-Employer Relationship Bandwidth Managed Service Miscellaneous YouTube Social Media Risk Management Company Culture Maintenance Display Office Tips Vendor Management Two-factor Authentication Hacker Laptop Monitors Development Avoiding Downtime Wireless The Internet of Things Scam Spam Computing Outlook WiFi Downtime Operating System HIPAA End of Support Networking LiFi Gadgets Hosted Solution Mobile Security Administration VPN Data Security Mouse SaaS Business Technology Data loss Server Management Unified Threat Management Business Intelligence Touchscreen Holiday Telephone Systems Computers Virtual Private Network Education desktop Quick Tips Apple Retail Alert Tablet Storage Printing Firewall Document Management Managing Stress Address Permissions Content Computer Care IBM Star Wars Tech Support File Sharing Chatbots eWaste Mobile Device Management Solid State Drive Nanotechnology User Error Deep Learning Wearable Technology Network upgrade Chromebook Patch Management Managed IT Service Digital Signage Cables Social Engineering Customer Relationship Management Shortcuts Identity Theft Alerts USB Specifications Monitoring Motherboard Streaming Training Fraud Corporate Profile Cost Management Heating/Cooling Websites Multi-Factor Security Alt Codes Identity Continuity G Suite Hard Disk Drive Screen Reader Charging Time Management Printer Bring Your Own Device Automobile Smart Office Cybercrime Break Fix Troubleshooting Dell Wires Marketing Safety Security Cameras Budget Licensing Dongle Search Black Friday Spying Social Remote Computing Emergency Human Error Information Technology WannaCry Assessment Servers Google Calendar Analysis Typing Humor Cabling Solar Current Events Smart Tech Network Management Best Practice Google Maps Work Network Congestion Dark Web Voice over Internet Protocol Managed Services Cooperation Service Level Agreement Cyber Monday Halloween Writing Device Apps Hotspot Internet Exlporer Wi-Fi Legislation Cryptocurrency Compliance LED IT solutions Going Green Connectivity SharePoint Google Docs IT Technicians Optimization Virtualization Microsoft Excel Hacks Modem FinTech Techology Laptops Digital Payment Staff Leominster Dark Data Update Managed IT Smart Technology PowerPoint Scary Stories How To Lenovo Mobility Google Wallet Language Digital Value Statistics Bitcoin Disaster Regulations Co-Managed IT IoT Politics Downloads Business Growth Collaboration Mirgation Recycling Running Cable Mail Merge Blockchain Password Cookies MSP Buisness VoIP Unified Threat Management Software as a Service Legal Augmented Reality K-12 Schools Customer Service Shortcut Distributed Denial of Service Onboarding Sports Office Firefox Samsung Superfish Print Toner Unified Communications Drones Computing Infrastructure Spyware Professional Services Virtual Desktop Bluetooth Comparison Slack Windows 8 Uninterrupted Power Supply Social Networking Black Market Law Enforcement Entertainment Error Notifications Electronic Medical Records Point of Sale Ben McDonald shares Twitter Physical Security Travel Mobile Computing Upgrades Gadget Emoji BDR Crowdsourcing Supercomputer CrashOverride Staffing Personal Information Botnet Motion Sickness Printers Taxes Regulation 3D Printing Administrator Cortana Web Server what was your? IT Budget Processors GPS Machine Learning IT Consultant Unsupported Software Cameras Tracking Computer Repair Relocation Meetings Cleaning Mobile Data CCTV How To Work/Life Balance Recovery Health Private Cloud Webcam

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3