window._mfq = window._mfq || []; (function() { var mf = document.createElement("script"); mf.type = "text/javascript"; mf.async = true; mf.src = "//cdn.mouseflow.com/projects/0148bb62-7ff8-46ae-a466-bf3fd13c7d09.js"; document.getElementsByTagName("head")[0].appendChild(mf); })();
407-478-6600    Get SUPPORT

TaylorWorks Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like TaylorWorks are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to TaylorWorks at 407-478-6600.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, February 20 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Technology Network Security Best Practices Cloud Business Computing Privacy Data Backup Managed IT Services Hosted Solutions Hackers Malware Data Recovery Mobile Devices VoIP Google Email Data User Tips Outsourced IT Innovation Internet of Things Tech Term Communications Productivity Backup Internet Microsoft Cloud Computing IT Services Hardware Business Continuity Efficiency Software Artificial Intelligence BDR Cybersecurity Saving Money Business Smartphones Ransomware Communication Small Business Disaster Recovery IT Support Managed IT Services Cybercrime Smartphone Android IT Support Router Gadgets Browser Applications Business Management Windows 10 Workplace Tips Network Chrome How To Mobile Device Collaboration Law Enforcement Managed IT Phishing Computer Word Access Control Business Intelligence Blockchain Holiday Mobility Office 365 Avoiding Downtime Proactive IT Windows Data Security Information Virtualization Spam Mobile Device Management Data Protection Save Money Server Money Two-factor Authentication Computers Training Encryption BYOD Apps Productivity Servers Social Engineering Telephone Systems Automation Analysis Document Management App Remote Monitoring Miscellaneous Facebook Upgrade Bandwidth Redundancy Compliance Social Media IT Management Managed Service Private Cloud Firewall Connectivity Voice over Internet Protocol File Sharing Software as a Service Vulnerability Wi-Fi Settings Passwords Machine Learning Alert Identity Theft Hacker Data Breach Telephone System Credit Cards Business Owner Budget Update Paperless Office Microsoft Office Smart Tech Health Botnet Spam Blocking Education Bring Your Own Device Big Data Fraud Keyboard Human Resources Employer-Employee Relationship Website Data loss Value Operating System Google Drive Work/Life Balance Infrastructure Mobile Computing VPN Save Time Flexibility Google Docs Healthcare Solid State Drive Password Information Technology Unified Threat Management Networking Workers IT Plan Business Technology Scam CES Sports Windows 7 Comparison Telephony Unsupported Software OneNote Virtual Assistant Data Storage Content Management IoT Password Management Remote Monitoring and Maintenance Root Cause Analysis Computer Care Legal Entertainment Gmail Addiction Managed Service Provider Frequently Asked Questions Specifications Knowledge Battery The Internet of Things Skype Evernote Emails Theft Thought Leadership Warranty End of Support Marketing Software Tips Trending USB Strategy YouTube Smartwatch Conferencing E-Commerce Remote Computing Social NIST Line of Business File Versioning Office Tips Meetings Samsung Recycling Cache Search Engine PDF Excel Millennials Network Congestion Start Menu Wireless Charging Charger Data Management Google Apps Streaming Media Printer Physical Security Lifestyle Downtime Recovery Employee Technology Tips Flash Authentication Camera HaaS Users Data Warehousing WiFi Computer Fan Students Vendor Insurance Cryptocurrency MSP Multiple Versions Travel eWaste Wireless Internet Bing Tip of the week Workforce Electronic Medical Records IT Consultant Digital Signage Mobile Content Filter Mouse Amazon Fiber-Optic Nanotechnology FENG Staff Display Leadership Patch Management Practices Safe Mode Remote Worker Restore Data Screen Mirroring Windows 10s Risk Management Criminal Wire Help Desk Hard Drives Wireless Windows Server 2008 Telecommuting Google Search Windows 10 Professional Services Netflix Password Manager Storage Administrator HBO Accountants HVAC Sync Amazon Web Services Cables Virtual Private Network Computing Infrastructure Digital Signature Electronic Health Records Security Cameras Virtual Reality Hosted Computing Wiring Backup and Disaster Recovery Cast SaaS Shortcuts Remote Work Enterprise Content Management Proactive Tools Cleaning Business Mangement Microchip Public Cloud Outlook Current Events Black Market Content Filtering Augmented Reality Online Shopping Hacking Unified Communications Devices Project Management Multi-Factor Security Instant Messaging Employee/Employer Relationship Cortana webinar Worker Commute Inventory GDPR Government Audit HIPAA Smart Office eCommerce Wireless Technology Regulations ISP IBM Utility Computing Hybrid Cloud Safety Two Factor Authentication Books Vendor Management Automobile CrashOverride How to Bluetooth Benefits Assessment Hiring/Firing Customer Relationship Management Best Practice Competition Quick Tips Webinar Fun Internet exploMicrosoft IP Address Troubleshooting Company Culture Regulation Smart Technology Television Scalability Emergency Files Customer Service Office IT solutions Advertising Mobile Office Shadow IT Hosted Solution Managing Stress Domains Worker Printers Colocation Public Computer Experience History Loyalty Relocation Content Search Public Speaking Rootkit Music Employer Employee Relationship Techology Politics Presentation Net Neutrality Humor Audiobook Twitter Lithium-ion battery Internet Exlporer Wearable Technology Computer Accessories Transportation User Error Tech Support Video Games 5G

Mobile? Grab this Article!

QR-Code dieser Seite