Network Synergy Blog

Network Synergy has been serving the Trumbull area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Network Synergy, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 203.261.2201.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 22 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab

QR-Code dieser Seite

Sign Up

  • First Name *
  • Last Name *

      Blog Categories

      Social Efficiency Business Computing Analyitcs Solid State Drive Humor Tip of the Work Holiday Thank You Proactive IT Experience Macro VoIP Vendor Management Cookies IT Consulting Identity Theft Wi-Fi Unsupported Software Social Media Cameras Business Help Desk Cyber Monday Virtual Private Network Hiring/Firing Entrepreneur Retail Mobile Office Twitter Google Analytics Virtual Desktop G Suite WiFi Computer Repair Microsoft Office Taxes Specifications People Regulations IT Support Streaming Media Apps Recovery Migration Excel Risk Management Gadget Microsoft Excel Android Google Calendar Food Screen Reader Fun Cleaning Distributed Denial of Service Video Surveillance Data Loss Telephony Error Business Intelligence Machine Learning Troubleshooting Utility Computing Digital Signature Wireless Technology Wireless Work/Life Balance Business Technology Relocation SharePoint Downtime Service-based Business Intranet Save Time eWaste Hard Disk Drive Best Practices Vulnerability Sync Bluetooth App Spam Augmented Reality Statistics LiFi Application Business Owner Cabling Government Marketing Data Backup Business Management Compliance Printing CCTV Personal Information Language Paperless Office Halloween Computing Infrastructure Break Fix Cybercrime Law Enforcement Mouse Internet Facebook Data Management Windows 10 Computer Care Tracking Office 365 Computer Accessories Modem Logs Conferencing BDR Access Control 3D Printing Digital Payment Crowdfunding Saving Time Hacker Data storage IT Solutions Smart Technology Firefox 3D Samsung Data Recovery Small Business Emoji Processors Travel Piracy Search Legislation Public Speaking IBM Operations Spyware Motherboard Assessment Managed IT Services Windows 10 Undo Mobile Device Management Legal communications Server Management Technology Data Security Chatbots Quick Tips Windows 8 Gmail Storage Licensing YouTube Uninterrupted Power Supply Password Domains Shortcut Fraud PDF Monitors Office Webcam Printer Microsoft Documents Display Refrigeration Upgrades Cybersecurity Word Drones Remote Monitoring Online Currency Staffing CrashOverride Training Trending Hackers Public Cloud Backups Administration 5G Maintenance Point of Sale Servers Heating/Cooling Two-factor Authentication Networking Work Station Remote Computing Downloads Secruity IT Services Artificial Intelligence Windows 8.1 Update Education Money Web Server Electronic Medical Records User Telephone Systems Privacy Managed IT services Typing Going Green Tip of the Week Mobility Computers User Tips Productivity LinkedIn Leadership Social Networking Tutorials Law Firm IT Save Money Technology Laws Botnet Employer-Employee Relationship Tablet Identity Nanotechnology Smartphones Permissions Presentation GPS Miscellaneous Identities Star Wars History Workplace Tips Encryption Staff Ransomware Software Tips Hacking Customer Service Value Cryptocurrency IoT Virtual Reality Cortana Superfish Phone System Alerts Consultation Productivity Automobile Network Management Hotspot Computing Wearable Technology Environment Inbound Marketing Meetings Congratulations Skype Laptop Mirgation Black Friday Unified Communications Politics Collaboration Business Continuity Black Market Cloud Computing Healthcare Applications IT Support Firewall Net Neutrality Content Filtering Settings Office Tips Motion sickness Backup Time Management Hosted Solution Upgrade Google Start Menu Websites Disaster Consumers Patch Management Managed IT Apple Google Docs Saving Money Technology Tips Passwords Touchscreen Comparison BYOD Tech Support IT Technicians Techology Scheduling Company Culture Text Messaging Best Available Managed Service Provider Private Cloud Data Warehousing User Error Battery Blockchain Writing Competition Mobile Computing CIO Lithium-ion Battery Infrastructure Print Server Cloud Hacks Corporate Profile Connectivity Tech Term VPN Administrator Google Wallet Phishing Lenovo Programming Bitcoin Hardware Smart Tech Disaster Resistance Software as a Service Physical Security Gadgets Project Management Chromebook Flexibility Buisness Unified Threat Management Files Safety SaaS Network Congestion End of Support Document Management Cost Management Users Communication Scam Deep Learning Charger Outlook Network Co-managed IT Alert Mobile Device File Sharing Knowledge Windows Trainging Remote Support Digital Antivirus Mail Merge Chrome Hosted Solutions Mobile Security Security PC Care Webinar Social Engineering USB Mobile Devices Virtualization Unified Threat Management Information Technology Outsourced IT Customer Relationship Management Browser Computer Mobile Data Bandwidth Best Practice IP Address Cooperation Avoiding Downtime Health Current Events Cache Robot Mobile Technology Automation How To IT Consultant Operating System Budget The Internet of Things Memory Email Bring Your Own Device Redundancy IT budget eBay Gaming Console Alt Codes Internet Exlporer Server Data Fax Server Scary Stories Recycling Smartphone Hard Drives Google Maps iPhone Notifications Tip of the week Managed IT Service Router HIPAA Malware Google Drive Network Security Multi-Factor Security Disaster Recovery Running Cable Business Growth Crowdsourcing Software Big Data IT Management Dark Web Hard Drive Virus Supercomputer Address Innovation Website Internet of Things IT service Sports Debate Data Breach PowerPoint

      Latest Blogs

      Artificial intelligence is perhaps most commonly known as a malevolent force, thanks to popular culture. HAL 9000, Ultron, and many others have reinforced that A.I. will be the dow...

      Latest News

      Our Site Has Launched!

      flag

      Welcome to Our New Site!
      We are proud to announce the unveiling of our new website at Network Synergy!

      Read more ...

      Contact Us

      Learn more about what Network Synergy can do for your business.

      callphone

      Call us today    203.261.2201

      Fax Number :    203-261-2935

      126 Monroe Turnpike
      Trumbull, Connecticut 06611

      facebook twitter linkedin #youtube