window._mfq = window._mfq || []; (function() { var mf = document.createElement("script"); mf.type = "text/javascript"; mf.async = true; mf.src = "//cdn.mouseflow.com/projects/0148bb62-7ff8-46ae-a466-bf3fd13c7d09.js"; document.getElementsByTagName("head")[0].appendChild(mf); })();
407-478-6600    Get SUPPORT

TaylorWorks Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like TaylorWorks are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to TaylorWorks at 407-478-6600.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, November 13 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Technology Network Security Cloud Best Practices Managed IT Services Privacy Business Computing Hackers Data Backup Email Malware Hosted Solutions VoIP Data Recovery Data Mobile Devices Outsourced IT Tech Term Innovation Google Hardware Internet Microsoft Backup Business Continuity Software Internet of Things Cloud Computing Saving Money Communications IT Services User Tips Ransomware BDR IT Support Cybersecurity Communication Efficiency Small Business Android Smartphones Business Productivity Network Disaster Recovery Managed IT Services Applications Artificial Intelligence Cybercrime Browser Workplace Tips Chrome Computer Router Business Management Law Enforcement Windows 10 Gadgets Managed IT How To Server Mobile Device Management Data Security Money Two-factor Authentication IT Support Data Protection BYOD Collaboration Windows Phishing Information Save Money Avoiding Downtime Computers Business Intelligence Virtualization Smartphone Telephone Systems IT Management Redundancy Mobility Alert Proactive IT Document Management Bandwidth Passwords Apps Blockchain Compliance Productivity Social Engineering Analysis Vulnerability Identity Theft Firewall Word Training Remote Monitoring Office 365 App Miscellaneous Facebook Servers Upgrade Social Media Connectivity Spam Data loss Spam Blocking File Sharing Virtual Assistant CES Sports Business Owner Mobile Computing Automation Encryption Machine Learning Wi-Fi Holiday Education Bring Your Own Device Value Operating System Telephone System Content Management Keyboard IT Plan Voice over Internet Protocol Mobile Device Work/Life Balance Access Control Windows 7 Paperless Office Unified Threat Management Smart Tech Comparison Networking Workers Microsoft Office Unsupported Software Budget Data Storage Settings Employer-Employee Relationship Big Data Scam VPN Website OneNote Infrastructure Update Credit Cards Managed Service Solid State Drive Flexibility Information Technology Data Breach Password Private Cloud Fraud Travel Samsung Project Management Hosted Computing Windows 10 Tip of the week Workforce Network Congestion USB Computing Infrastructure Charger GDPR Enterprise Content Management Remote Computing Downtime Business Mangement Mobile Remote Monitoring and Maintenance Public Cloud Google Docs Computer Fan Unified Communications Devices Amazon Screen Mirroring Data Management Warranty Inventory Cortana Windows Server 2008 Telecommuting Electronic Medical Records IT Consultant Recovery Smart Office E-Commerce IoT Password Management Augmented Reality HBO Gmail Addiction Professional Services Line of Business Strategy YouTube Managed Service Provider Wireless Technology FENG Theft Search Engine Thought Leadership Sync Amazon Web Services Cast Software as a Service Windows 10s Printer Remote Work Leadership End of Support Netflix Save Time Camera NIST The Internet of Things Outlook Recycling Cache Marketing Hacker Tools Patch Management MSP PDF Multi-Factor Security Risk Management Google Apps Bing Streaming Media Health Office Tips Telephony Online Shopping Government SaaS Mouse Authentication Technology Tips Regulations Human Resources Students Root Cause Analysis Cleaning Insurance Cryptocurrency Frequently Asked Questions Specifications Current Events eWaste Wireless Internet HaaS Virtual Reality Remote Worker Google Drive Software Tips Trending Content Filter Users Skype Evernote Healthcare Audit Fiber-Optic Administrator Nanotechnology webinar Black Market Content Filtering Staff Meetings Botnet Computer Care Hacking Virtual Private Network Practices Safe Mode Excel Millennials Knowledge Instant Messaging Business Technology Criminal Wire Emails Worker Commute Wiring Accountants HVAC Hard Drives Physical Security Lifestyle HIPAA Password Manager Storage Start Menu Wireless Charging Proactive Digital Signature Electronic Health Records Wireless Data Warehousing WiFi Legal Entertainment Cables Microchip Flash Conferencing Battery Automobile How to Webinar Benefits Public Speaking Twitter Techology Presentation Television Best Practice Utility Computing Humor Lithium-ion battery Troubleshooting Internet Exlporer IT solutions Smart Technology Scalability User Error Hybrid Cloud 5G Public Computer Tech Support Worker Emergency Safety Loyalty IBM Shadow IT Hosted Solution Regulation Hiring/Firing Experience Company Culture Rootkit Fun Internet exploMicrosoft Competition Content Quick Tips Customer Relationship Management Employer Employee Relationship Printers Music IP Address Managing Stress Politics Help Desk Files Advertising Audiobook Office Customer Service Computer Accessories Two Factor Authentication Wearable Technology Colocation Mobile Office Vendor Management Transportation Domains Video Games CrashOverride History Search Assessment Relocation Bluetooth Books

Mobile? Grab this Article!

QR-Code dieser Seite