Intel’s flagship product has once more brought the corporate community unpleasant attention, only months after their computer chips were found to be seriously flawed. While a patch for the Meltdown and Spectre vulnerability has been found, the answer may depreciate the functionality of the CPU.
In a blog that has been maintained by a user only ever known as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual storage, requiring hardware changes to completely resolve.”
In easier to understand terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes which are called kernel and user. User mode is the one that’s generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, realized that there was a bug was the issue that it blurred the lines between user and kernel mode. This issue created a way for malware and other malicious programs to access a system’s hardware directly.
This bug was expected to cause the system to modify entire processes back and forth between user mode and kernel mode, which might ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the PC could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much of what would be lost otherwise).
For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be installed or ready to go. However, to verify this, head over to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for the Security Update for Windows (KB4056892), or ask your antivirus provider to seek out when or if it will be supported. The patch won’t install until it sees that the antivirus has been updated to a version that the seller verifies supports this patch.
If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates made to feature those protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have also. it’s something that you simply should check, and if you haven’t received an update yet, talk to and discuss it with your carrier and ask why or look it up on public forums.
An update to Google Chrome is predicted to launch on January 23rd, with other browsers following suit, which will also include mitigations. While you wait, ask your IT resource to assist you with activating Site Isolation to make sure that no malicious websites can access your data.
Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) can also be in danger, as they’re using similar hardware. It’s really important for business owners to take a look at their entire infrastructure and get it reviewed and audited.
Of course, for the fix to be accessible, the update has got to be installed. This is often the rationale that it’s worth having a managed service provider updating your systems for your business. The MSP would be there, waiting for news and updates, and will be able to jump into action on your behalf. As a representative of your business, you wouldn’t need to worry about handling any of it. This suggests that you and your staff should be able to rely on a company like MyTek to keep your tech safe. Call us at 623-312-2440 for more information.