shutterstock 99713225 TEST SIZE V8 051016

 

 "Only the Client can define Quality."

Have IT Questions?
Call us now (888) 894-6411

TWINTEL Solutions Blog

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like TWINTEL Solutions are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to TWINTEL Solutions at (888) 894-6411.

What Does Redundancy Mean for Your Business
Personalities are Key to Successful Networking
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, November 20 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code

Our 10 Benefits

Our 10 Benefits Whitepaper

This whitepaper will evaluate the differences between traditional technical support practices and modern managed IT practices and the pros and cons of both in regards to small and medium-sized businesses.

Download Now!   Need A Consultation?

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Privacy Hackers Business Computing Network Security Backup Malware Hosted Solutions Mobile Devices Data Google VoIP Business Microsoft Software Email bgc roundup Disaster Recovery nonprofit Managed IT Services Business Continuity Alert Innovation Internet Hardware Outsourced IT communications IT Services Smartphones Managed IT Services Data Backup User Tips Windows 10 Tech Term Browser Computer Ransomware Server Saving Money Cybercrime Cloud Computing Android Efficiency Data Recovery Network Internet of Things IT Support BDR Computers Workplace Tips Business Management Small Business Smartphone IT Support Communication Windows Passwords Office Miscellaneous Save Money Productivity Productivity Quick Tips BYOD Social Engineering Chrome Recovery Applications Mobile Device Management Artificial Intelligence Managed IT Cybersecurity Money Telephone Systems Firewall Mobility Work/Life Balance Phishing Social Media Virtualization Windows 10 Gadgets Collaboration Upgrade Law Enforcement Hacking Facebook Vulnerability Compliance App VPN Health Wi-Fi Proactive IT Password Information Holiday Microsoft Office Private Cloud Office 365 Bring Your Own Device Bandwidth Two-factor Authentication Remote Monitoring Data Protection Automation Router Office Tips Flexibility Budget Avoiding Downtime How To Managed Service Provider Apps Safety Mobile Device Keyboard Data Security Servers Redundancy Identity Theft Remote Computing Data Breach Business Intelligence Connectivity Word Google Drive Sports Information Technology Spam HaaS History Scam Mobile Computing Black Market Value Operating System Worker IT Management Voice over Internet Protocol Infrastructure Paperless Office Data Management Software as a Service End of Support Employer-Employee Relationship USB Comparison Unified Threat Management Spam Blocking Data storage Battery Content Filtering Entertainment IT Plan SaaS Update Hiring/Firing Cleaning Business Owner The Internet of Things Training Workers Emergency CES Big Data Credit Cards Government WiFi PDF Solid State Drive Computer Care Document Management Encryption Managed Service Computing Infrastructure Marketing Content Management Patch Management Windows 7 Fraud Legal OneNote Samsung Save Time HIPAA Charger Settings Blockchain Virtual Assistant Risk Management Unsupported Software Data Storage Website Physical Security Automobile Wireless Technology Electronic Medical Records Telephone System YouTube eWaste Password Management Amazon Web Services iPhone Public Computer Audiobook Nanotechnology Camera Excel Remote Work Loyalty Computer Fan Meetings Practices Augmented Reality How to Worker Commute Staff Start Menu Regulation Unified Communications User Error Benefits Knowledge Addiction Microchip Rootkit Criminal NIST Online Shopping Downtime Video Games Smart Tech Multi-Factor Security Printers Wireless Troubleshooting Password Manager Tip of the week Machine Learning FENG Data loss Hosted Computing Remote Worker Reputation Advertising HBO Cache Specifications Hard Drives Windows 10s Digital Signature Tools Theft Monitor Colocation Smart Technology Network Congestion Scalability Experience Search Engine Education Flash Cryptocurrency Evernote Robot Trending Warranty webinar Business Mangement Windows Server 2008 HVAC Laptop Screen Mirroring Inventory Wiring Chromecast Customers Employer Employee Relationship Outlook Wireless Internet Millennials Relocation Techology Public Cloud Two Factor Authentication Bing Vendor Management Sync Safe Mode Wireless Charging Files IBM Data Warehousing Devices Lifestyle Printer Computer Accessories Conferencing Shadow IT Books Gmail Networking Touchpad Assessment Cast Access Control Google Docs Cortana Wire Workforce Humor Accountants Mobile MSP NarrowBand Hacker IT Consultant Instant Messaging Help Desk Users Telephony Fiber-Optic Supercomputer Thought Leadership Mouse Bluetooth Netflix Hosted Solution Recycling Regulations Enterprise Content Management Amazon Apple Television Best Practice CrashOverride Content Authentication Google Apps Frequently Asked Questions Smart Office Telecommuting Going Green Audit Professional Services File Sharing Internet Exlporer Leadership Search Virtual Reality Human Resources Skype Cables Transportation Current Events Politics Software Tips Twitter Administrator Thank You Congratulations nonprofits GDPR E-Commerce