Contact us today!
217-428-6449

Network Solutions Unlimited Blog

Network Solutions Unlimited has been serving the Decatur area since 2013, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Network Solutions Unlimited can be that MSP for you. Call us at 217-428-6449 for more information.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 21 February 2018

Captcha Image

Mobile? Grab this Article!

QR-Code

Tag Cloud

Email Application Training BYOD Settings Managed Service Provider Solid State Drive Updates Two Factor Authentication Devices Budget Data storage HBO Small Business Maintenance Travel Specifications Data Security Microsoft iOS Browser Touchscreen Data Backup FAQ WIndows Server 2008 MSP Hosted Solutions Technology Word Hard Disk Drive Hard Drives Screen Mirroring Charger Assessment IT Support Office 365 Employer-Employee Relationship Computer Care Monitor Electronic Medical Records Google Drive Conferencing Scalability Downtime Shortcut Recovery Lifestyle Apps Microsoft Office Cleaning Dark Web Evernote Productivity USB Wireless Technology Phishing Thank You Automation Network Collaboration Wireless Charging Outlook Tech Support Network Security Politics Excel Laptop Cost Management Identity Theft Value Malware Experience Search IT Support Business Continuity Save Money Mobile Devices Mobile Device Books Save Time IT Solutions Windows 10 Hosted Solution BDR Entertainment Google Docs Cybercrime Risk Management Bluetooth Cloud Windows 10s Password iPhone Emails Backup Workers Gmail User Error Microsoft Excel Consultant Innovation Edge Virtualization Instant Messaging Device Security Legislation Safety intranet Microsoft Word Compliance Benefits Internet of Things Bring Your Own Device Colocation Spyware Work/Life Balance Shadow IT HaaS Regulation Virtual Reality Advertising History The Internet of Things eWaste Google Social Media Smartphones User Tips Cybersecurity Content Filtering Nanotechnology Privacy Identities Outsourced IT OneNote Sales Computing Infrastructure Internet NFL Cache SaaS Users Ciminal Education IT budget Saving Money Blockchain Upgrade Content Internet Exlporer Holiday Samsung Android Loyalty Sports Root Cause Analysis Chromecast Business Managed IT Artificial Intelligence Personal Information Spam Blocking Efficiency Gifts Smartphone Meetings Humor Managed IT Services Data Rootkit VPN File Sharing Apple Applications Software Tip of the Week Smart Technology End of Support Techology Monitors Data Breach Data Loss Black Market Miscellaneous Physical Security Remote Monitoring Comparison Files Computer Operating System Worker Commute Redundancy Transportation Spam Avoiding Downtime Unified Threat Management Managed IT Services Patch Management Legal Router Firewall Health Going Green Licensing Security Document Management Troubleshooting Software as a Service Telephone Systems Productivity Public Cloud WannaCry Computer Fan Cloud Computing Employer Employee Relationship Server Gadgets Quick Tips IT Management Business Intelligence Robot Worker Sync Tablets Audiobook How to Relocation hacker Mobile Device Management HIPAA Business Owner Law Enforcement Television Bandwidth Storage Administration Cast How To Computer Accessories IT solutions Adobe Automobile Keyboard Hybrid Cloud Wi-Fi Project Management Office Tips Internet exploMicrosoft Marketing Business Computing Emergency CrashOverride PDF Flexibility Scam Computers Mobile Disaster Recovery Audit Windows Ink Upgrades Webinar Phone System Credit Cards Office Windows 10 Vendor Management Networking Professional Services Encryption Government Data Management Fraud Money Facebook Video Games Managed IT Service Two-factor Authentication Cortana App Mobility Reputation VoIP Windows Customer Battery Workplace Tips Hardware Best Practice Public Computer Alert Congratulations Social Engineering IT Services Data Protection Vulnerability Proactive IT Passwords Communications Data Storage Wireless Big Data Chrome Retail Hackers Best Practices Hiring/Firing Ransomware Google Maps WiFi Business Management Private Cloud Touchpad Unsupported Software Data Recovery Commerce Information Technology Augmented Reality Remote Computing Hacking

Sign Up for Our Newsletter

  • Company Name *
  • First Name *
  • Last Name *