fbpx
Mytek Logo
MyTek Logo

ALERT: Meltdown and Spectre Vulnerability Grants Malware Access, Patch It Today

by | Jan 15, 2018 | MyTek Blog, Security

Q

Subscribe To The Blog

By subscribing to the blog, you will be notified when a new blog post is created on the site.

Intel’s flagship product has once more brought the corporate community unpleasant attention, only months after their computer chips were found to be seriously flawed. While a patch for the Meltdown and Spectre vulnerability has been found, the answer may depreciate the functionality of the CPU.

In a blog that has been maintained by a user only ever known as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual storage, requiring hardware changes to completely resolve.”

In easier to understand terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes which are called kernel and user. User mode is the one that’s generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, realized that there was a bug was the issue that it blurred the lines between user and kernel mode. This issue created a way for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to modify entire processes back and forth between user mode and kernel mode, which might ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the PC could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much of what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be installed or ready to go. However, to verify this, head over to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for the Security Update for Windows (KB4056892), or ask your antivirus provider to seek out when or if it will be supported. The patch won’t install until it sees that the antivirus has been updated to a version that the seller verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates made to feature those protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have also. it’s something that you simply should check, and if you haven’t received an update yet, talk to and discuss it with your carrier and ask why or look it up on public forums.

An update to Google Chrome is predicted to launch on January 23rd, with other browsers following suit, which will also include mitigations. While you wait, ask your IT resource to assist you with activating Site Isolation to make sure that no malicious websites can access your data.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) can also be in danger, as they’re using similar hardware. It’s really important for business owners to take a look at their entire infrastructure and get it reviewed and audited.

Of course, for the fix to be accessible, the update has got to be installed. This is often the rationale that it’s worth having a managed service provider updating your systems for your business. The MSP would be there, waiting for news and updates, and will be able to jump into action on your behalf. As a representative of your business, you wouldn’t need to worry about handling any of it. This suggests that you and your staff should be able to rely on a company like MyTek to keep your tech safe. Call us at 623-312-2440 for more information.

ABOUT THE AUTHOR

Tim - Team

Tim Tiller, LMSW

 
Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.

Q

Subscribe To This Author

By subscribing to the author, you will be notified when a new blog post is created by the author.

AUTHOR’S RECENT POSTS

Top 5 Hardware Monitoring Software 

Did you know that almost 40% of servers had at least one outage in the last twelve months? Veeam reports that the most common reason for outrages is infrastructure failure which puts the current hardware monitoring practices under the scanner. Hardware failures are...

Types of Mobile Malware & How to Defend Against Them

Malware has a long history of undermining computer security and stealing critical data. With the rapid growth of mobile usage, we're now seeing a new breed of mobile malware infecting smartphones and tablets. The new-age mobile malware are more advanced, seamless, and...

How to Protect Your Data Privacy & Enhance IT Security

Every time you use a device, you enter, modify or access data. Some of your usages are routine and public but sometimes you perform tasks that are confidential in your personal life or business. Naturally, this type of data is private and it should be kept that way....

Mobile? Grab this Article!

QR Code

Blog Archive

Generated by Feedzy
Share This