Drew Morrisroe

CTN has been serving Delaware Valley businesses since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. Python Sweetness discovered that the bug allowed programs which run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space. Programs could gain access to memory being used by other programs, or in the case of virtual machines, they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a much smaller sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like CTN Solutions, would have heard about this issue, learned its associated update, and taken the actions needed to resolve it.

This can all be done without your business needing to worry about handling any of it, freeing the internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (610) 828-5500.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 17 December 2018
If you'd like to register, please fill in the username, password and name fields.

Newsletter Sign Up

  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Recent Comments

      It’s Imperative that You Use Correct KVM Switches
      13 December 2018
      It was imperative that you have been used all the KWM switches while configuration to this it need s...
      Do You Know All the Things an MSP Can Do?
      11 December 2018
      All the solutions of the problematic people have been ensured at the brisk of the elements. The refl...
      Technical Issues? There Is a Better Way
      07 December 2018
      Such an amazing article you have shared about the technical issues and https://www.essaywritinglab.c...
      Tip of the Week: View Your Current Google Sessions for Optimal Security
      26 November 2018
      Securities are making now the new session of the optimal ways of the Google ID protection with the d...
      Tip of the Week: What to Do When the Internet Goes Out
      24 November 2018
      The lapse in the connectivity of internet has been ensured with the support of the sober contacts. T...