Network Synergy Blog

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Network Synergy, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 203.261.2201.

There are New Ways to Secure Your Data
According to Study, Only 28% Utilize Two-Factor Au...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, August 19, 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab

QR-Code dieser Seite

Sign Up

  • First Name *
  • Last Name *

      Blog Categories

      Wires High-Speed Internet Websites Recycling App Digital Apps eBay Collaboration Vulnerability Identity Staffing Mobile Office Technology Security Project Management Productivity Retail Virtual Reality Safety Monitors Settings Phishing Gmail Cookies Going Green Digital Payment Writing Network Congestion Cables Motherboard WPA3 Computing Infrastructure People Trending Hosted Solutions Gaming Console Training Social Networking 5G Google Drive YouTube Thank You Print Server Screen Reader Deep Learning Application Fraud Information Fax Server OneNote Document Management Internet of Things Cabling Debate Hiring/Firing Computers Modem Technology Tips Remote Workers Hard Drive Fleet Tracking Android Cloud Computing Small Business Enterprise Content Management Hotspot IT budget IP Address Computer Repair Hackers Food Data Security Meetings Managed IT services Streaming Media Outlook Point of Sale How To Remote Support eWaste Bitcoin Connectivity Administration Windows 10 Bring Your Own Device Documents Proactive Company Culture Miscellaneous Tech Support Tip of the Work Buisness Antivirus Monitoring Malware Start Menu Current Events Risk Management Inbound Marketing Help Desk Automobile Patch Management Hosted Solution Microsoft Excel Development Office 365 GPS Upgrade Migration Internet Exlporer Video Surveillance Mouse Identity Theft IT Services Networking Techology Excel Business Continuity Business Management USB Unsupported Software iPhone Service-based Business Black Friday Alert Law Enforcement Server Travel Google Calendar Net Neutrality Computer Accessories Saving Time Chrome Managed IT Crowdsourcing Email Google Analytics Data Recovery Lithium-ion Battery Hacks Virtual Private Network User Software as a Service Mobility Server Management Downtime Corporate Profile Sync Scheduling Files Tutorials Wireless Processors Managed IT Service Education Superfish Big Data Motion sickness IT Solutions Battery G Suite Mobile Mobile Technology Physical Security Knowledge Mail Merge Passwords Online Currency VoIP Utility Computing User Error Environment Cryptocurrency LiFi IT Consultant Efficiency Printing Holiday Analyitcs Value Access Control Storage Cache Disaster Maintenance Geography Skype Mobile Security Microsoft Legislation Government Botnet Programming Managing Stress Firewall Webcam Cameras Backup Mobile Device Macro Windows 8.1 Update Tech Term Quick Tips Webinar Smart Technology Lenovo Google Docs Customer Service Emoji Public Speaking Logs Smartphones Remote Computing Specifications Shortcut Backups Budget Printer PDF IT Management BDR Text Messaging Samsung Best Practice Innovation Spam Proactive IT Compliance Virtualization Piracy Heating/Cooling Business Growth IT Support Unified Threat Management Telephony Ransomware Automation Data Management Vulnerabilities IT service Telephone Systems IT Technicians Hacking Social Business Technology Computer Care Wi-Fi Leadership Chromebook Software Tips Trainging Fun Workplace Tips Virus PowerPoint Apple Windows 10 Office Google Maps PC Care Browser Customer Relationship Management Tip of the week Solid State Drive Unified Threat Management Website Gadgets Data Loss Consultation Troubleshooting Best Practices Public Cloud Save Money Bandwidth Intranet Cyber Monday Social Media Scary Stories Employer-Employee Relationship 3D Display Law Firm IT Hacker Data Warehousing Productivity Password Twitter Computing Healthcare Paperless Office Crowdfunding Health Network Asset Tracking Cost Management 3D Printing Tip of the Week Conferencing Relocation Cybercrime Presentation Office Tips Star Wars Information Technology Cybersecurity Word Work Station Windows 8 Remote Monitoring and Management Managed Service Provider Network Security Typing Regulations Users Cloud Staff Two-factor Authentication Charger Employee-Employer Relationship Enterprise Resource Planning Mobile Computing Tablet Licensing Electronic Medical Records Vendor Management Entrepreneur Recovery Consumers Comparison Hard Drives Nanotechnology Tracking Technology Laws Secruity IoT Disaster Resistance HIPAA Multi-Factor Security Content Filtering Wearable Technology BYOD CIO Mobile Devices Outsourced IT Social Engineering Alerts Machine Learning Smart Tech IT Consulting Digital Signature Microsoft Office Data storage File Sharing Servers Mirgation Politics Time Management Notifications Upgrades Router Wireless Technology Mobile Data Laptop Data Backup Hard Disk Drive Cleaning Blockchain Address Sports IT Support Administrator Internet Mobile Device Management CrashOverride Infrastructure Operating System IBM Phone System Regulation Supercomputer Privacy Congratulations Halloween End of Support Distributed Denial of Service Augmented Reality User Tips Virtual Desktop Refrigeration Artificial Intelligence Uninterrupted Power Supply Computer communications Save Time Touchscreen Best Available Search Humor Spyware Scam The Internet of Things Applications Legal Chatbots Undo Google Wallet Identities Drones Money Gadget Error Managed IT Services Business Computing Cortana Private Cloud Co-managed IT Web Server Operations Permissions Assessment Black Market Domains Taxes Bluetooth Remote Monitoring Google Communication Saving Money Encryption Firefox Language VPN Work/Life Balance Competition Windows How To SharePoint Statistics Data Breach Memory Robot Avoiding Downtime Alt Codes Business Intelligence CCTV Flexibility Network Management Business History Personal Information Software Facebook Redundancy Business Owner Running Cable Smartphone LinkedIn Break Fix WiFi MSP SaaS Unified Communications Marketing Data Cooperation Management Managed Service Experience Hardware Dark Web Disaster Recovery Downloads

      Latest Blogs

      Every business has some sort of management tasks that requires foresight, and staying up on them can keep headache-inducing situations from constantly causing downtime and costing ...

      Latest News

      Our Site Has Launched!

      flag

      Welcome to Our New Site!
      We are proud to announce the unveiling of our new website at Network Synergy!

      Read more ...

      Contact Us

      Learn more about what Network Synergy can do for your business.

      callphone

      Call us today    203.261.2201

      Fax Number :    203-261-2935

      126 Monroe Turnpike
      Trumbull, Connecticut 06611

      facebook twitter linkedin #youtube