(703) 288-9767    NTC Store
NTConnections Blog

NTConnections has been serving the Reston area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like NTConnections are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to NTConnections at (703) 288-9767.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 18 February 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Tip of the Week Technology Cloud Privacy Best Practices Hackers Business Computing Productivity Microsoft Backup Hosted Solutions Malware Internet Google Mobile Devices Efficiency IT Support VoIP Business Managed Service Provider Email Miscellaneous IT Services Server Innovation Workplace Tips Disaster Recovery Business Continuity Data Windows Upgrade Network Hardware Business Management Network Security Software Save Money Saving Money Communication Computer Android Mobile Device Management Virtualization Smartphones communications Managed IT Services Holiday User Tips Microsoft Office Smartphone Browser Data Backup Windows 10 Outsourced IT WiFi Mobile Computing Computers Cybercrime Hacking Chrome Small Business BYOD Social Media Remote Monitoring Operating System IT Solutions Managed IT Services Big Data Alert Application Apple Proactive IT Avoiding Downtime Marketing Budget Cloud Computing Collaboration The Internet of Things Ransomware Quick Tips Social Engineering Data Recovery Automation Information Technology Employer-Employee Relationship Passwords Office Going Green Remote Computing Health Mobility Bring Your Own Device VPN Recovery spam Gadgets Telephone Systems BDR Managed IT Wireless Technology User Error Two-factor Authentication Internet of Things Vendor Management iPhone Save Time Cybersecurity Firewall App Gmail Private Cloud Bandwidth Compliance How To Redundancy IT Support Office 365 Data Management Document Management Risk Management PowerPoint Windows 10 Business Intelligence Website Excel Phone System Antivirus Money Office Tips Content Filtering Downtime History Tablet Analytics Router Lithium-ion battery Value Memory Retail Search Vulnerability Artificial Intelligence Data Security Networking Mouse Network Congestion Credit Cards Trending Meetings HaaS Fax Server Apps IT Consultant Black Market Law Enforcement Solid State Drive Humor Saving Time Statistics Data Storage Internet Exlporer Online Currency Workers Word Data storage Biometrics Business Owner Outlook Printer eWaste OneNote Flexibility Hard Drives Current Events IT Management Work/Life Balance Facebook Administration Maintenance Entertainment IT Plan Running Cable CES Physical Security DDoS Unified Threat Management Robot Skype Unsupported Software Mobile Office Environment Google Drive Public Cloud Customer Relationship Management Intranet Phishing Human Resources SaaS Training Identity Theft Best Available People Safety HIPAA Programming Government HBO Cleaning Cameras Customer Service Video Surveillance Cortana Mobile Keyboard Consultant Entrepreneur Education Multi-Factor Security Screen Mirroring Frequently Asked Questions Tech Support Printer Server Fraud Google Apps Professional Services Hacker Worker Commute Cost Management Piracy Computer Fan Lifestyle Cast Tip of the week Shadow IT Applications Amazon Science Infrastructure Tools User Wireless Files Streaming Media Password Instant Messaging Company Culture Licensing FENG Data Protection Productivity Samsung Windows Server 2008 Wi-Fi Shortcut Amazon Web Services Windows 8.1 Update Twitter Windows 8 Password Manager SharePoint Colocation Encryption Comparison Electronic Medical Records Crowdfunding Windows 7 Sports Bluetooth Online Shopping Tablets Business Mangement Botnet Monitor Hosted Solution Computing Infrastructure Notifications Legal Specifications Data Warehousing Regulations YouTube USB Evernote Recycling Travel Print Server Reputation Wearable Technology End of Support Mobile Device Windows Media Player Social Millennials Servers NarrowBand Wireless Charging Criminal Customers Internet exploMicrosoft Best Practice Social Networking Net Neutrality Hiring/Firing Root Cause Analysis Workforce Computer Repair Flash Chromecast WIndows 7 Fiber-Optic Analyitcs Software as a Service Patch Management Advertising Data loss Telecommuting Sync Laptop Managing Stress Settings Cables Content Management Update Scam Distributed Denial of Service Virus Virtual Desktop Touchscreen Remote Work LinkedIn Charger Software Tips Telephony Touchpad IT service Unified Communications Virtual Reality Blockchain Debate Google Docs Relocation Hybrid Cloud Uninterrupted Power Supply Computer Accessories Computer Care Theft Start Menu Domains Bloatware Staff Spam Blocking Voice over Internet Protocol Audit IaaS Loyalty Conferencing Digital Signature Windows 10s Smart Technology Battery Experience Two Factor Authentication Assessment Music Television Troubleshooting Techology Public Computer Employer Employee Relationship Data Breach Automobile Emails Books CrashOverride IBM Webinar Emergency Users Worker Supercomputer Content IT solutions Video Games Rootkit Knowledge Audiobook Netflix Scalability Politics Transportation How to webinar Benefits PDF