Contact us today!
217-428-6449

Network Solutions Unlimited Blog

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Network Solutions Unlimited can be that MSP for you. Call us at 217-428-6449 for more information.

Tip of the Week: Keeping Productivity Up When the ...
You Can’t Ignore the Elephant in the Server Room
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 22 May 2018

Captcha Image

Mobile? Grab this Article!

QR-Code

Tag Cloud

Tablets Microsoft Excel Communication Training Experience Upgrades Transportation Webinar Artificial Intelligence Touchscreen Wireless Technology Windows 10 Cloud Computing Internet of Things Proactive IT Adobe Antivirus Loyalty Customer Robot Phishing Apps Passwords Data Loss Politics Language Encryption Mobile Device Management Commerce intranet Augmented Reality Data Privacy Two-factor Authentication Money Physical Security Audiobook Management Smart Technology Data storage Edge Vulnerability Gadgets Applications HaaS Cortana Bandwidth Risk Management Chromebook IT Management Application Facebook Wireless Office 365 Files HBO Managed IT Services Relocation Social Engineering Windows Ink Google Maps Mobile Devices Fraud Spam Blocking OneNote Small Business Smart Tech Emergency Assessment hacker Business Intelligence Apple Quick Tips Google Assistant Content Filtering Cleaning Computer Forensics Virtual Reality Going Green VPN Chromecast Updates Conferencing Scam How to Software Two Factor Authentication Analysis Blockchain Personal Information Social Media Employer Employee Relationship Wi-Fi Data Security Gmail Smartphone Server Workers Comparison Hosted Solution Spam Business Computing Windows Mobility Alert NFL WannaCry Google Router Computer Accessories Laptop Data Hard Drives Saving Money Best Practices Ransomware eWaste Maintenance Productivity File Sharing Redundancy Shadow IT IT Solutions Identity Theft Mobile Law Enforcement Monitor Lifestyle Windows 10s Network Disaster Recovery Root Cause Analysis Twitter Managed Service Provider Shortcut Data Storage iOS Congratulations Android Project Management Education Internet Exlporer WiFi Automation Save Money Worker Commute Miscellaneous Managed IT Services Network Security Downtime VoIP Spyware Samsung Browser Wireless Charging Administration Holiday IT Support Hacking Hard Drive Legal Health Efficiency Advertising Managed IT Collaboration Microsoft Office PDF Techology Outlook Internet Recovery Hard Disk Drive Business Management Electronic Medical Records Data Breach USB Data Backup Public Computer Hybrid Cloud Employer-Employee Relationship Smartphones Best Practice Mobile Security Marketing Bring Your Own Device Google Docs Microsoft Data Theft Connectivity IT Services Computer Professional Services Printing Touchpad Update Books Chrome Gifts Device Security Rootkit Proactive Identity User Tips Search Storage Google Drive Document Management Virtualization Information Technology Websites Business Owner Workplace Tips History Productivity Unsupported Software Cybercrime Computing Infrastructure Content The Internet of Things Screen Mirroring Computer Care Bluetooth Sync Content Filter Colocation Word Sales Thank You Automobile Devices Regulation Cybersecurity Security Internet exploMicrosoft Streaming Media Instant Messaging Windows 10 Solid State Drive Charger iPhone Evernote Hiring/Firing Keyboard Battery Big Data Settings Scalability Vendor Management Computers Humor Malware Work/Life Balance Tech Term Privacy Monitors Computer Fan IT solutions Entertainment WIndows Server 2008 Emails Users Excel Government Black Market Password Compliance Cost Management Nanotechnology Mobile Device Microsoft Word Operating System HIPAA Hosted Solutions Retail IoT Avoiding Downtime Legislation Computing Meetings App store Office Backup Budget Outsourced IT Cache Upgrade Business Audit Data Recovery Monitoring Office Tips Financial Technology Private Cloud Credit Cards CrashOverride Specifications Reputation End of Support Unified Threat Management Virus Firewall Patch Management Business Continuity Video Games Dark Web Communications How To Innovation Software as a Service Consultant Tip of the Week Sports Technology BDR Hackers Tech Support Flexibility Value Save Time FAQ Travel Remote Monitoring Phone System IT Support Cloud Troubleshooting MSP Safety Managed IT Service BYOD Ciminal Benefits Remote Computing Worker User Error IT budget Data Protection Hardware App Telephone Systems Identities SaaS Networking Public Cloud Email Licensing Data Management Cast Television