window._mfq = window._mfq || []; (function() { var mf = document.createElement("script"); mf.type = "text/javascript"; mf.async = true; mf.src = "//cdn.mouseflow.com/projects/0148bb62-7ff8-46ae-a466-bf3fd13c7d09.js"; document.getElementsByTagName("head")[0].appendChild(mf); })();
407-478-6600    Get SUPPORT

TaylorWorks Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like TaylorWorks are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to TaylorWorks at 407-478-6600.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, August 21 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Newsletter Sign Up

  • Company Name *
  • First Name *
  • Last Name *

      Tag Cloud

      Tip of the Week Security Technology Cloud Best Practices Managed IT Services Network Security Privacy Business Computing Data Backup Email Hackers Malware VoIP Data Recovery Outsourced IT Hosted Solutions Backup Tech Term Mobile Devices Microsoft Google Cloud Computing Data Software Business Continuity Innovation Internet of Things Saving Money Efficiency Hardware Android Internet BDR Small Business Cybersecurity IT Support User Tips Disaster Recovery Smartphones Cybercrime Communications IT Services Ransomware Applications Router Business Law Enforcement Artificial Intelligence Managed IT How To Communication Gadgets Managed IT Services Network Business Management Data Protection Collaboration BYOD Windows Phishing Chrome Mobile Device Management Computers Two-factor Authentication Avoiding Downtime Business Intelligence Productivity Virtualization IT Support Smartphone Browser Data Security Money Document Management Office 365 Alert Windows 10 Connectivity Social Media Compliance Vulnerability Spam Social Engineering Identity Theft Save Money Word Computer App Passwords Remote Monitoring Blockchain Facebook Analysis Apps Productivity Telephone Systems Bandwidth Proactive IT Redundancy Mobility IT Management Website Networking Miscellaneous Mobile Device Work/Life Balance Workers Upgrade IT Plan Windows 7 File Sharing Information CES Comparison Encryption Machine Learning OneNote Training Unsupported Software Firewall Data Storage Content Management Wi-Fi Data Breach Employer-Employee Relationship Servers Credit Cards Access Control Update Paperless Office Smart Tech Spam Blocking Automation Flexibility Solid State Drive Password Information Technology Budget Business Owner Private Cloud Microsoft Office Data loss Value Operating System Education Bring Your Own Device VPN Holiday Infrastructure Server Big Data Users Windows Server 2008 Telecommuting Practices Safe Mode Leadership Public Cloud Screen Mirroring Keyboard Criminal Wire Windows 10s Accountants HVAC Professional Services Password Manager Storage Unified Threat Management Netflix Cortana HBO Digital Signature Electronic Health Records Sync Amazon Web Services Cables MSP Voice over Internet Protocol Remote Work Save Time Hosted Computing Managed Service Provider Cast Software as a Service Sports SaaS Outlook Patch Management Enterprise Content Management Current Events End of Support Wireless Tools Risk Management Business Mangement Cleaning Settings Telephony Online Shopping Unified Communications Devices Windows 10 Multi-Factor Security Audit Health Office Tips Regulations Inventory webinar PDF Managed Service Government Workplace Tips Smart Office Frequently Asked Questions Specifications Virtual Reality Scam IoT Password Management Knowledge Business Technology Root Cause Analysis Gmail Addiction Computer Care Technology Tips Strategy YouTube HaaS Skype Evernote Theft Thought Leadership Emails Software Tips Trending Black Market Content Filtering Hacking Conferencing Google Drive Proactive Augmented Reality Instant Messaging Excel Millennials Worker Commute NIST Network Congestion Virtual Assistant Wireless Technology Meetings Botnet HIPAA Recycling Cache Samsung Downtime Start Menu Wireless Charging Legal Entertainment Google Apps Streaming Media Charger Physical Security Lifestyle Battery Students Computer Fan Marketing Hacker Flash Fraud Authentication Hard Drives Remote Monitoring and Maintenance The Internet of Things Data Warehousing USB Human Resources Tip of the week Workforce Insurance Cryptocurrency Electronic Medical Records IT Consultant Telephone System Travel Remote Computing eWaste Wireless Internet Computing Infrastructure Mobile Content Filter Mobile Computing Staff Healthcare FENG Amazon Data Management Fiber-Optic Nanotechnology Line of Business Google Docs Recovery Humor Smart Technology Regulation Scalability Loyalty Emergency Internet Exlporer Customer Service User Error Mobile Office Rootkit Shadow IT Hosted Solution Employer Employee Relationship Hybrid Cloud Domains Experience Twitter Content Hiring/Firing Remote Worker Computer Accessories Public Speaking Music Two Factor Authentication Fun Internet exploMicrosoft Presentation Politics Quick Tips CrashOverride Lithium-ion battery Audiobook Vendor Management Wiring Assessment Files Bluetooth Wearable Technology Tech Support Transportation Advertising 5G Video Games Office Books Company Culture Colocation Safety Webinar IBM Television History Automobile WiFi How to Benefits Search Relocation Managing Stress Competition Best Practice IT solutions Customer Relationship Management Public Computer Techology IP Address Worker Troubleshooting

      Mobile? Grab this Article!

      QR-Code dieser Seite