Contact us today!

Network Solutions Unlimited Blog

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Network Solutions Unlimited can be that MSP for you. Call us at 217-428-6449 for more information.

Tip of the Week: Keeping Productivity Up When the ...
You Can’t Ignore the Elephant in the Server Room


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Wednesday, August 22 2018

Captcha Image

Mobile? Grab this Article!


Tag Cloud

Miscellaneous Monitor Business Computing Social Media Data Bluetooth Phishing Screen Mirroring Communications Save Time Updates Gmail CrashOverride How to Malware Hard Drive Technology Identities IT Management Two Factor Authentication Outlook Gadgets User Tips Emergency Entertainment IT Solutions Spam SaaS Tech Support VPN Keyboard Nanotechnology Computers iPhone Sales PDF Email Applications Antivirus Going Green App store Two-factor Authentication Disaster Recovery Productivity Wireless Charging Language Gamification Big Data Touchpad Public Cloud Software as a Service Hardware Users Wasting Money Alert Amazon Training Word Gifts Cloud Computing IT budget Network Security Mobile Cybercrime Financial Technology Mobility Avoiding Downtime Password Facebook Black Market Mobile Device IT Services Microsoft Hackers Value Instant Messaging Administration Collaboration Unified Communications Windows 10s Telephone Systems Data Breach Ransomware Solid State Drive Data Management Windows 10 Managed IT Service Wireless Internet Wi-Fi Smartphones Identity Passwords Computing Infrastructure Mobile Device Management Consultant BYOD NFL Colocation Books Windows Data Privacy Worker Application Phone System Education Legislation Benefits Virus Social Engineering How To Transportation Data storage Office 365 Downtime Smart Technology FAQ Lifestyle Router Budget Computer Forensics Charger Computer Accessories Relocation Scam Webinar IT solutions Productivity Video Games Thank You Conferencing Business Management Managed IT Remote Computing WiFi Hard Drives Management Worker Commute Microsoft Word Analysis Cybersecurity Outsourced IT Touchscreen Cache Meetings Content Filter Experience HIPAA Computer Care Bandwidth Internet Exlporer Document Management Advertising Maintenance Apple Travel PowerPoint Security Employer Employee Relationship Best Practices Television Students Excel Blockchain Cast Device Security Business Office Tips Internet exploMicrosoft Battery Dark Web Loyalty Regulation Shortcut Government Politics Private Cloud Cortana Remote Monitoring intranet Small Business Unsupported Software Business Intelligence Settings Content WPA3 Sports Virtual Reality Virtualization IT Support Marketing BDR Evernote Android Monitors Encryption Search Emails Assessment Legal Automation Laptop Wireless Technology Employer-Employee Relationship Data Theft Chromecast Chromebook Data Recovery Chrome App Tablets Commerce Scalability Devices Financial Company Culture Efficiency Mobile Security Robot Google Business Owner Samsung Bring Your Own Device Augmented Reality Files USB IoT Cleaning Office Cloud Update Microsoft Excel Identity Theft Networking Google Maps Techology Managed IT Services Communication Safety Computer Fan Cost Management End of Support Adobe Vulnerability Google Drive Managed Service Provider Hosted Solutions Mobile Devices Shadow IT Hard Disk Drive Retail Law Enforcement Connectivity Twitter Root Cause Analysis Audiobook Information Technology Health Flexibility Hosted Solution Managed IT Services Monitoring Hiring/Firing Physical Security Tech Term Privacy Reputation Unified Threat Management Upgrade Rootkit iOS Internet of Things Network Personal Information Saving Money User Error Data Protection The Internet of Things Recovery WIndows Server 2008 Managing Stress Operating System Holiday Specifications Comparison HaaS Internet VoIP MSP Information Spam Blocking OneNote Workers Ciminal Professional Services Risk Management Storage Data Security Customer Innovation Alexa for Business IT Support Backup Virtual Assistant Quick Tips Upgrades Business Technology Wireless Server Microsoft Office Apps Project Management Data Storage Hacking Printing Automobile Proactive IT Data Loss Vendor Management Money Fraud Proactive Hybrid Cloud Sync Best Practice Computing Redundancy File Sharing Memory Smart Tech Smartphone Workplace Tips Public Computer Patch Management Congratulations Windows 10 Spyware File Storage Humor Save Money Compliance hacker Websites WannaCry Business Continuity Browser Software Computer Google Docs Tip of the Week Streaming Media Firewall Audit HBO Data Backup Licensing Google Assistant Troubleshooting Content Filtering Work/Life Balance History Edge eWaste Windows Ink Electronic Medical Records Artificial Intelligence Credit Cards