croom new

Eclipse Integrated Systems Blog

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Eclipse Integrated Systems can be that MSP for you. Call us at 800-340-0505 for more information.

Tip of the Week: Keeping Productivity Up When the ...
You Can’t Ignore the Elephant in the Server Room
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, February 24 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Privacy Cloud Network Security Google Hackers User Tips Internet Productivity Software Malware Business Management Microsoft Innovation Efficiency Tech Term Hosted Solutions Computer Backup Business Windows 10 Browser Email Smartphones Cybersecurity Mobile Devices Apps Productivity Hardware Managed IT Services Data Backup Windows Data Recovery Saving Money Communication Collaboration Internet of Things Smartphone Passwords Small Business Holiday Data Security communications VoIP Android Virtualization Cybercrime Workplace Tips Law Enforcement Wireless Business Continuity Disaster Recovery Microsoft Office Ransomware Network Data Operating System Mobility Mobile Device IT Support Cloud Computing Office 365 Users Windows 10 IT Services Miscellaneous IT Support Outsourced IT Wi-Fi Update Gadgets Phishing Password BDR Quick Tips Social Media Money Mobile Device Management Telephone Systems Chrome Server Risk Management Health Upgrade Best Practice Cost Management Employer-Employee Relationship Government Google Drive Vulnerability Unsupported Software Social Application Information Technology Facebook App User Error Alert Managed IT Marketing Office tips Current Events Computers Blockchain USB Personal Information Hacking Artificial Intelligence Antivirus Patch Management Spam Data Management Managed Service Provider Identity Theft Save Money Two-factor Authentication Sports Shortcut Politics Networking Information Automation Work/Life Balance Managed IT Services Streaming Media Proactive IT Bandwidth Connectivity Audit HaaS Transportation iPhone Managing Stress Save Time Internet Exlporer Company Culture Television Wireless Charging The Internet of Things Automobile Google Docs Wireless Technology Compliance Fraud SaaS Commerce Hosted Solution Computer Care Data Storage Legal Search Word Analytics Data Protection VPN Applications Telephony Maintenance Humor Meetings Social Engineering Outlook Going Green Flexibility Remote Computing Office Remote Monitoring and Management Apple Access Control Router Encryption Medical IT Cleaning Excel Recovery G Suite Samsung OneNote eWaste Storage History End of Support Battery Mobile Computing DDoS Mobile Security WiFi Devices BYOD Instant Messaging Tech Support Training Gmail Cortana Private Cloud Business Intelligence Managed Service Touchscreen Authorization Benefits Tablets Spyware Phone System Websites Amazon Conferencing Value Dark Web Solid State Drive Updates Laptop Hybrid Cloud Settings Legislation E-Commerce WIndows Server 2008 Advertising Unified Communications Help Desk Computer Accessories Fax Server Augmented Reality Video Games Data Privacy Electronic Medical Records Downloads Smart Technology Computer Fan NFL Music Data Theft Virtual Assistant HBO Gifts Robot Error Hacker Hard Disk Drive Adobe Microsoft Word Touchpad Managed IT Service Teamwork Comparison Reputation Emails Payment Data Breach Data storage RAM Certification Trending Microsoft Excel Identities Hard Drive Safety Virtual Reality Trends Troubleshooting WannaCry Edge Computing Plug-In Unified Threat Management Lithium-ion battery Credit Cards Internet Explorer Microsoft Office 365 Keyboard Wearable Technology Entertainment Cables Screen Mirroring Specifications Administrator Black Market Webinar Vulnerabilities Evernote Microsoft Teams Security Cameras Vendor Management File Sharing Language Chromebook Reporting Education A.I. Profitability Windows Ink Ciminal Big Data App store Upgrades IT Management Threat Licensing Uninterrupted Power Supply Device Security Operating Sysytem Virus Voice over Internet Protocol Cast Sales Access IT solutions Cryptocurrency PDF Worker Commute Wearables Budget Scalability Printing IT Solutions FAQ Movies Eliminating Downtime Scam Nanotechnology Google Maps Project Management Books Analysis Consultant PowerPoint Authentication Hiring/Firing iOS Running Cable Travel Avoiding Downtime Experience Proactive Retail Google Assistant GDPR Windows 10s Sync Workers Text Messaging Bring Your Own Device SharePoint Chromecast How To Charger Point of Sale Wireless Internet Employer Employee Relationship Bluetooth Root Cause Analysis Distributed Denial of Service Data Loss Files IT budget Identity Healthcare Printers Disaster Twitter Cache Regulation Remote Monitoring Emergency CrashOverride Monitors Relocation Worker Paperless Office

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at www.eisystems.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login