Network Synergy Blog

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Network Synergy, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 203.261.2201.

There are New Ways to Secure Your Data
According to Study, Only 28% Utilize Two-Factor Au...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, October 20, 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab

QR-Code dieser Seite

Sign Up

  • First Name *
  • Last Name *

      Blog Categories

      Smartphone Cloud Computing How To Settings Online Currency Typing Windows Bring Your Own Device Remote Computing Microsoft Office Security Cache Applications Government Consulting Language Marketing Maintenance Virtual Private Network User Error Screen Reader Processors Flexibility Superfish LiFi Healthcare Taxes Miscellaneous Assessment Computer Accessories Websites Firefox Mouse IBM Social Networking Cortana Fleet Tracking Browser Virtual Desktop Facebook Printing Bookmarks Documents Point of Sale Technology Tips Consumers Quick Tips Virtualization Finance Compliance Google Drive Downloads IT service eBay Business Management Google Analytics Patch Management Holiday Social Media Motherboard IT Technicians Cyberattacks Outsourced IT Politics Current Events Asset Tracking VPN Writing Congratulations Going Green iPhone WPA3 Business Passwords PC Care Migration Software Tips Operating System 5G GPS Public Cloud Gadget Hotspot Budget Value Avoiding Downtime Saving Money Star Wars Monitoring Botnet Electronic Medical Records Wireless Tutorials Computer Care Windows 8 Licensing IT Consultant YouTube Trending Unified Threat Management Best Available Samsung Sports Remote Support Training Error Read Only Mobility Solid State Drive Printer Uninterrupted Power Supply HIPAA Knowledge Streaming Media Help Desk Net Neutrality Presentation Data storage Business Intelligence Disaster Recovery Meetings IT Support Malware Office Vendor Management Managing Stress Supercomputer Cookies Competition Upgrades Remote Monitoring and Management Business Computing Hard Drives Social Smart Technology Undo Distributed Denial of Service Employee-Employer Relationship Virtual Reality Managed Services Provider Touchscreen VoIP Spyware Enterprise Content Management Tip of the Work Automobile Managed IT Service Upgrade USB Administration IT Support Hard Disk Drive Scheduling Cooperation Server Mobile Device Management Technology Antivirus Google Docs BDR Domains Print Server Managed Service Computer Users Motion sickness Document Management Machine Learning Mobile Office Features Mobile Technology Access Control Computing Infrastructure Server Management PDF File Sharing Mail Merge Electronic Health Records Sync Company Culture Piracy Storage Cyber Monday Network Bandwidth Public Speaking Retail Lithium-ion Battery Data Breach IT Services Mobile Scary Stories Twitter Lenovo Law Firm IT Paperless Office Mirgation Cloud Virus Cables Router Ransomware Techology Network Congestion Communication Efficiency Cost Management Time Management Blockchain Phone System Staff Geography Entrepreneur Data Security Tech Term Managed Service Provider Webcam Word Unified Threat Management Remote Monitoring Mobile Devices Permissions Cameras CIO Break Fix Hard Drive Development Crowdsourcing Hiring/Firing Information Technology Computers WiFi Small Business MSP Refrigeration Notifications LinkedIn Heating/Cooling Administrator Fraud Business Technology Firewall Identity Tip of the week Multi-Factor Security Password Windows 10 Disaster Google Calendar IP Address Hosted Solutions Cryptocurrency Best Practice Wearable Technology Start Menu Data Analyitcs SharePoint Crowdfunding Black Friday Managed IT Gaming Console Servers Proactive Data Warehousing Robot Files Search Law Enforcement Logs Workplace Tips Smartphones Instant Messaging Telephone Systems Address Bluetooth Environment Website Modem 3D High-Speed Internet Big Data Alerts App Windows 8.1 Update Health E-Commerce Recycling Staffing Encryption Excel Halloween Regulation Microsoft Gadgets Email Application Outlook Inbound Marketing Favorites Productivity Personal Information Data Management Digital Augmented Reality Wi-Fi Experience communications Black Market Leadership Innovation Private Cloud Tablet Managed IT Services Networking Comparison IT Solutions Save Money Tracking 3D Printing Monitors SaaS Unsupported Software People Thank You Unified Communications Intranet Scam Wireless Technology Managed IT services Internet Exlporer Alert Nanotechnology Travel Phishing Smart Tech Digital Signature Debate Social Engineering Remote Workers Automation Statistics CrashOverride Regulations User Tips Food Data Loss Fun Hacker Secruity Software Gmail Software as a Service Legislation Operations Skype Recovery Collaboration Google Wallet Hackers Risk Management Web Server Buisness Cleaning CCTV Customer Service Office 365 Data Backup Saving Time Tip of the Week Laptop Wires Cybercrime Running Cable Privacy Vulnerabilities Hardware Relocation Macro Mobile Data Alt Codes Content Filtering History Productivity Downtime Service-based Business Android Tech Support Disaster Resistance OneNote Network Security Project Management Business Continuity Printers IoT eWaste Emoji Microsoft Excel Memory Video Surveillance IT Consulting Two-factor Authentication Google Maps Apple Vulnerability Artificial Intelligence Humor Charger Corporate Profile User Connectivity Bitcoin Text Messaging Utility Computing Backups Customer Relationship Management Technology Laws Money Internet of Things Enterprise Resource Planning Work Station End of Support Drones Office Tips Data Recovery Proactive IT How To Network Management Trainging Mobile Computing Webinar Digital Payment Redundancy Physical Security Dark Web Business Owner Mobile Device Identities Shortcut BYOD Consultation Education Management G Suite Battery Chromebook Best Practices The Internet of Things Legal Fax Server Hacks Infrastructure Save Time Co-managed IT Google Identity Theft Programming Employer-Employee Relationship Telephony PowerPoint IT Management Hacking Conferencing Cybersecurity Hosted Solution Backup Display Windows 10 Chatbots Troubleshooting Apps Chrome Information Computer Repair Mobile Security Specifications Internet Safety Work/Life Balance Spam Cabling Computing Business Growth Deep Learning IT budget

      Latest Blogs

      The cloud is such an important part of today’s business environment that most organizations use it to some extent, even if it’s just for basic storage needs. However, the cloud nee...

      Latest News

      Our Site Has Launched!

      flag

      Welcome to Our New Site!
      We are proud to announce the unveiling of our new website at Network Synergy!

      Read more ...

      Contact Us

      Learn more about what Network Synergy can do for your business.

      callphone

      Call us today    203.261.2201

      Fax Number :    203-261-2935

      126 Monroe Turnpike
      Trumbull, Connecticut 06611

      facebook twitter linkedin #youtube