(703) 288-9767    NTC Store
NTConnections Blog

NTConnections has been serving the Reston area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like NTConnections are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to NTConnections at (703) 288-9767.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 25 May 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Cloud Privacy Best Practices Hackers Business Computing Microsoft Hosted Solutions Productivity Internet Malware Backup Google Mobile Devices Efficiency VoIP IT Support Business IT Services Email Network Security Miscellaneous Managed Service Provider Server Data Innovation Disaster Recovery Workplace Tips Business Continuity Network Software Windows Upgrade Business Management Saving Money Hardware Communication Android Save Money Browser Smartphone Mobile Device Management Managed IT Services Virtualization Computer Smartphones Data Backup User Tips communications Cybercrime Holiday Microsoft Office Outsourced IT Windows 10 BYOD Computers WiFi Operating System Hacking Chrome Big Data Mobile Computing Small Business Ransomware Data Recovery Social Media Cloud Computing Remote Monitoring Managed IT Services VPN Application IT Solutions Internet of Things Automation Alert Apple Proactive IT Avoiding Downtime Collaboration Employer-Employee Relationship Passwords Marketing The Internet of Things Quick Tips Social Engineering Office Information Technology Budget BDR Health Mobility Bring Your Own Device Going Green Remote Computing Cybersecurity spam Tech Term Recovery Gadgets Bandwidth Managed IT Telephone Systems User Error Vulnerability Data Security Private Cloud Artificial Intelligence Website Redundancy Data Protection Save Time Two-factor Authentication Firewall Business Intelligence Vendor Management iPhone How To Compliance Router App Gmail IT Support Wireless Technology Identity Theft Productivity Windows 10 Mouse PowerPoint Excel Apps Phone System Content Filtering Money Office 365 Downtime Data Management Document Management History Risk Management Tablet Value Retail Memory Antivirus Phishing Search Office Tips Networking Analytics Lithium-ion battery Law Enforcement Applications Intranet Google Drive Environment Humor Statistics Human Resources SaaS Workers Credit Cards Training Safety Business Owner Government Outlook Cleaning OneNote IT Consultant Meetings HaaS Fax Server Mobile Device Flexibility Infrastructure Black Market Work/Life Balance Data Storage Saving Time Administration Word Comparison Online Currency Entertainment Streaming Media Running Cable Internet Exlporer Data loss Data storage Skype Public Cloud Printer Unified Threat Management Encryption Biometrics Mobile Office eWaste IT Management Customer Relationship Management Current Events Smart Tech Hard Drives HIPAA IT Plan Best Available Maintenance CES Facebook People Programming Unsupported Software Network Congestion Update Trending Physical Security DDoS Robot Solid State Drive Laptop Blockchain Settings Google Docs Touchscreen Files Hosted Computing Wireless Internet Worker Commute Distributed Denial of Service Piracy Virtual Desktop Start Menu Password FENG Theft Touchpad Staff IT service Voice over Internet Protocol Wi-Fi Audit User Colocation Relocation Inventory Licensing Virtual Reality HBO Electronic Medical Records Mobile Samsung Uninterrupted Power Supply Cortana Digital Signature Twitter Domains Multi-Factor Security Screen Mirroring Computing Infrastructure Access Control IaaS Fraud Bloatware Hosted Solution Frequently Asked Questions Customer Service Professional Services Crowdfunding Legal Google Apps Strategy Lifestyle Cast End of Support Authentication Amazon Entrepreneur Tip of the week Tools Tech Support Analysis Hacker Internet exploMicrosoft Nanotechnology Windows Media Player Amazon Web Services Cost Management Windows Server 2008 Company Culture Shadow IT Root Cause Analysis Password Manager Windows 8.1 Update Accountants Wireless Science Advertising Connectivity Online Shopping Hiring/Firing Instant Messaging Patch Management Windows 7 Shortcut Botnet WIndows 7 Business Mangement Thought Leadership SharePoint Specifications Windows 8 Data Warehousing Devices Evernote Scam Regulations Charger Travel Bluetooth Managing Stress Sports Recycling Monitor IoT Content Filter Millennials Tablets LinkedIn Hybrid Cloud Print Server Virus Notifications Wireless Charging Servers Criminal Computer Care USB YouTube Reputation Storage Wearable Technology Workforce Debate Flash PDF Computer Accessories Spam Blocking Fiber-Optic Social Software as a Service Net Neutrality Computer Repair NarrowBand Customers Insurance Addiction Telecommuting Keyboard Sync Video Surveillance Cameras Best Practice Cables Social Networking Chromecast Content Management Consultant Practices Cache Remote Work Education Analyitcs Software Tips Telephony Printer Server Computer Fan Unified Communications Assessment Music Television Wire Troubleshooting Techology Public Computer Employer Employee Relationship Data Breach Automobile Emails Books CrashOverride IBM Webinar Emergency Worker Supercomputer Content IT solutions Rootkit Video Games Knowledge Audiobook Netflix Scalability Politics Transportation How to webinar Benefits Users Loyalty Conferencing Windows 10s Smart Technology Battery Experience Two Factor Authentication