Velocity Technology Partners Blogs

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Velocity Technology Partners can be that MSP for you. Call us at (800) - 983 - 5765 for more information.

A Social Media Strategy Helps Businesses Start the...
You Can’t Ignore the Elephant in the Server Room


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, August 18 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

WIndows Server 2008 Credit Cards Congratulations Managed Service Provider Politics Shortcut Chromebook Softphones Applications Spam Vulnerability Compliance Telephone Systems Unified Communications Marketing Gifts Software Gamification FAQ Tech Support Microsoft Word Virus Money Language Hybrid Cloud Office 365 Proactive IT Update Sports Commerce Google Assistant Charger Data Privacy IT Support Tech Term Spyware Efficiency Regulation Business Tip of the Week Employer-Employee Relationship Project Management Google Drive Alert Data Storage Windows Best Practices Ciminal Disaster Recovery Application Internet Data Breach Router Business Continuity Identity Apple Data Protection Cortana Tablets WiFi Data Theft Communication Vendor Management Wireless Charging Risk Management Remote Monitoring Privacy Best Practice Specifications Computing Big Data Identity Theft App Computer Forensics Mobility Word Software as a Service Content Filtering IT Solutions Mobile Security Workers Business Management BDR Evernote Collaboration Cloud Computing Law Enforcement Cloud File Sharing Work/Life Balance Small Business Managed IT Services Networking Company Culture Computers MSP Analysis App store Adobe Managed IT services Cleaning Chrome Social Engineering VPN Thank You Operating System Malware VoIp Microsoft Office Backup Government Wireless Technology Wi-Fi Gmail Value Emergency Computer Patch Management Travel Encryption User Error Licensing IT support intranet Data Management The Internet of Things Passwords Personal Information Connectivity Wireless Internet Google Maps Printing Sales Legislation Hackers Business Computing Saving Money Device Security Students Mobile Device Management Google Docs iPhone Smartphones Smartphone Excel BYOD Google Network Data Security Managing Stress Retail Content Filter HBO Browser Windows Ink IT budget Education Cost Management Email Communications IT Services Smart Tech eWaste Maintenance Lifestyle Outsourced IT Internet of Things Storage Financial Technology Cybercrime Conferencing Social Media Devices Hosted Solution Twitter Data Backup Gadgets User Tips PowerPoint Android Hardware Audit Managed IT OneNote Redundancy Websites Safety Monitoring Screen Mirroring Comparison Fraud Productivity SaaS Automation Bring Your Own Device IT Management IoT Ransomware Security Hard Drive History Outlook WannaCry Artificial Intelligence Memory Hosted Solutions Holiday NFL Telephone Apps Sync Microsoft Blockchain Virtualization Flexibility Proactive Mobile Devices Antivirus Two-factor Authentication Identities Management Streaming Media Windows 10 Technology Updates Unsupported Software Legal Remote Computing Data Innovation Cybersecurity Edge Network Security Server Phishing Data Recovery Data Loss Financial Microsoft Excel Cast