Meltdown and Spectre exploits – what you should know
This week, two new vulnerabilities have been identified that impact almost all computers. The vulnerability lies within Intel, AMD and ARM CPUs that were released anytime after 1995. The exposure from this weakness is profound. It impacts almost all laptops and desktops, as well as servers and even extends to most mobile devices. In short – it’s a massive security flaw.
Thankfully, we have not heard of anyone using the what is now known as Meltdown and Spectre – yet. Of course, it is just a matter of time.
What are Meltdown and Spectre?
Modern CPUs have protections in place to keep data from leaking between the operating system, programs and between individual programs. The purpose is to make sure your data cannot be exploited.
Over the last few months, security researchers from many places have discovered a flaw in the CPU architectures that can be exploited to access data that have been protected.
- Meltdown breaks the isolation between your Operating System (Windows 7, Windows 10, Mac OS X, iOS, and more) and individual programs on your computer.
- Spectre breaks the isolation between different programs – between Word and Excel for example.
These barriers are designed to make programs run safely and are essential to the security and integrity of your systems.
What should you do to stay safe?
As you see notifications from your computer for Windows Updates or Mac OS updates appear, don’t delay them – let them install.
On your cell phone, keep an eye out for software update notifications, and run them as early as you can.
Be even more aware of pop-ups and emails that seem fishy. For hackers to be able to exploit your desktop, laptop or mobile device – they first have to install software on your computer. The easiest way to do this is by having you click a malicious pop-up or link in an email.
Follow best practices for email and web browsing and you’ll be safe. Don’t click through to sites you are unsure of. Don’t click on links in pop-ups. Don’t open emails from suspicious senders, or links from people and companies you don’t know. And if you must follow a link, take an extra second or two to really inspect the link that you are forwarded to. Hackers use similar URLs but there’s often a subtle difference.
If you are in doubt or even if you just feel a little overwhelmed by this, call or email us at firstname.lastname@example.org and we’re glad to take a look for you.
Does it impact our clients?
If we are providing hosting services for you – we are always closely monitoring patch releases from Microsoft and Linux vendors and applying them as they are released. We always perform security updates on a regular schedule. As the patches for Meltdown and Spectre are released, we will be doing updates. Because of the severity of this, we will try to provide ample notice, but the updates will be most often be applied the day that they become available.
If we provide support services for you, then we will closely monitor patches for your laptop, desktop, and server operating systems and coordinate getting these installed quickly with you. If we are not supporting your desktops and you have not yet heard from the firm that services these, you may wish to call them and find out what their plans are. Or call us.
411 or 911? Call us.
We know that the security can seem a little overwhelming. There’s so much to keep track of and a flurry of information. That’s why we’re here. We’ll help you manage and we’ll help ensure that we cut through the clutter of it all. Our mission is to worry about technology for you – so you can focus on your business.
So if you or your colleagues have any questions or concerns, please feel free to reach out to us via our Contact Us page. If you have a security issue or just need to sleep better at night, call us. We’re here to help.