CPU Security Flaw Update

January 17th, 2018 by Jennifer Lough

If you’ve been keeping up with the news, you may have heard about Spectre and Meltdown, which exploit vulnerabilities in the processor chips in both devices and cloud infrastructure. These vulnerabilities almost certainly apply to you. They are in modern processor chips made by Intel, AMD, and ARM Holdings. For those who are not aware or need a refresher, Meltdown and Spectre work by accessing computer memory and stealing data from other programs or applications. Meltdown compromises the separation of application and operating system. An attacker could use one program to access other parts of the operating system and find sensitive data. Spectre breaks the separation between applications or programs. In this exploitation the attacker can access other programs from one unrelated program. Normally, all programs would be isolated from one another and from the sensitive data in the OS.

If you have our Maintenance and Monitoring or flat-rate managed services, we are researching patches and other viable solutions to protect you. After analysis, we will patch your systems for you as necessary. We update antivirus software regularly for managed services clients. These measures will help prevent attackers from exploiting the vulnerabilities. There is no need to patch systems yourself if we are managing them for you. If you want help patching systems outside our managed services agreements, let us know at sales@microvisionsinc.com<mailto:sales@microvisionsinc.com. To further protect yourself, be vigilant about updates. Avoid phishing emails or other opportunities for malware to attack your device.

If you do not use any of our services, be sure to look into the patches released by software companies, including Apple and Microsoft. However, be careful to research patches carefully before implementing them because they may have issues of their own. Update software and web browsers promptly. Be especially careful not to introduce malware to your system through phishing or other means. Finally, make sure you have good security software and keep it running.