Contact us today!
217-428-6449

Network Solutions Unlimited Blog

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Network Solutions Unlimited can be that MSP for you. Call us at 217-428-6449 for more information.

Tip of the Week: Keeping Productivity Up When the ...
You Can’t Ignore the Elephant in the Server Room
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, November 18 2018

Captcha Image

Mobile? Grab this Article!

QR-Code

Tag Cloud

Downtime Computing Workers Business Intelligence Shadow IT OneNote Specifications Business Management Remote Computing Best Practice Microsoft Excel Storage Cost Management Cache Humor Tech Support Business Computing Workplace Tips Risk Management Avoiding Downtime Loyalty Cleaning Cortana Wasting Money Memory Disaster Recovery Automation Access Control Tip of the Week Phishing Internet exploMicrosoft PowerPoint Alert How to Virtualization Users NFL Google Assistant WannaCry Antivirus Touchpad Congratulations Telephone Systems Marketing Lifestyle Blockchain Quick Tips Flexibility Evernote Office Analysis Windows 7 Samsung Scalability Data Privacy Content Filter Webinar Dark Web Artificial Intelligence Password Business Technology Legislation PDF Upgrades Troubleshooting Outlook Chrome Software as a Service Students Save Money Emergency MSP VoIP Windows 10 Mobile Device Management Smartphone Financial Hosted Solutions Consultant Encryption History Gifts Administration Communications Wireless Technology End of Support Internet Exlporer Content Information Mobile Devices Microsoft Projects Best Practices WPA3 Government Public Computer iOS Social Media Audit Updates Managed IT Service Education Health Tech Term Settings Techology Wasting Time Advertising Computer Fan Scam Augmented Reality Upgrade VPN Windows Ink Sales Keyboard Hard Disk Drive Data Theft Co-Managed Services Sports Vendor Management hacker Microsoft Word Instant Messaging Sync Hacking IT Support Google Managed Service Windows 10 Files Small Business Touchscreen Websites Connectivity Shortcut Cloud Computing Hard Drives Bandwidth Remote Monitoring Phone System Saving Time Gmail Financial Technology Smart Tech Saving Money Books Save Time Excel Gamification The Internet of Things Accessory Facebook Assessment IT budget Cloud Hackers Video Games IT Services Computer Accessories Tablets CrashOverride Computers Hosted Solution Edge Vendor Unified Threat Management Holiday Ciminal intranet Chromecast Computer Forensics Commerce Credit Cards Redundancy Cybercrime Regulation Monitoring Thank You Compliance Device Security Productivity Productivity Recovery Business Continuity Identity Theft Big Data BYOD Data Security Employer-Employee Relationship Robot App Travel IT Management Colocation Hiring/Firing Document Management IT solutions Email Printers Work/Life Balance WIndows Server 2008 Employee-Employer Relationship Google Docs Electronic Medical Records Cast Computer Project Management Operating System Server Twitter Efficiency Hybrid Cloud Monitor Firewall Licensing Company Culture Social Engineering Employer Employee Relationship Training Physical Security Spam Miscellaneous Chromebook User Tips Two Factor Authentication Android Computing Infrastructure File Sharing Applications Data Breach USB Data storage Management Data Protection Reputation Legal Internet Conferencing Apps Networking Technology Business Owner Bring Your Own Device Relocation Devices Managed IT Services Innovation BDR Camera Search Bluetooth User Error Google Drive Maintenance Smartphones Office 365 Going Green Information Technology Mobile Security Computer Care Google Maps Identities Laptop Printing Application Black Market Retail Mobile Device Solid State Drive Emails Collaboration Fraud Streaming Media Hardware Gadgets IT Solutions Communication Language iPhone Audiobook Unified Communications Spyware IoT Transportation Proactive Data Storage Admin Data Backup Experience Update Office Tips Display Monitors Battery Law Enforcement Personal Information Worker Private Cloud IT Support Proactive IT Microsoft Office Data Wireless HBO Content Filtering Hard Drive Managing Stress Privacy Politics Nanotechnology Managed IT Cybersecurity App store Alexa for Business Router HIPAA Virtual Reality Wireless Charging Security Safety Browser Patch Management Identity Smart Technology Mobility eWaste Meetings Mobile Testing Ransomware Telephone Peripheral FAQ Worker Commute Data Recovery Utility Computing How To File Storage Value SaaS Hyperlink Wi-Fi Automobile Television Managed IT Services Network Security HaaS Unsupported Software Budget Data Management Wireless Internet Professional Services Virtual Assistant Internet of Things Charger Software Malware Amazon Backup Benefits Data Loss Virus Apple Keyboard Shortcuts Windows 10s Money Rootkit Vulnerability Two-factor Authentication Word Customer Public Cloud Business Screen Mirroring Passwords Network WiFi Managed Service Provider Comparison Root Cause Analysis Windows Spam Blocking Entertainment Adobe Outsourced IT