croom new

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Eclipse Integrated Systems can be that MSP for you. Call us at 800-340-0505 for more information.

Tip of the Week: Keeping Productivity Up When the ...
You Can’t Ignore the Elephant in the Server Room
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, August 19 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Privacy Cloud Business Computing Google Hackers Network Security Business Management Software Malware Internet Microsoft Computer Hosted Solutions Tech Term Innovation Windows 10 User Tips Backup Productivity Productivity Business Apps Cybersecurity Email Managed IT Services Mobile Devices Efficiency Windows Virtualization Browser Cybercrime Saving Money Smartphone Smartphones Hardware Small Business communications Law Enforcement Operating System VoIP Data Backup Internet of Things Communication Data Recovery Disaster Recovery Passwords IT Support Business Continuity Android Data Security Microsoft Office Collaboration Ransomware Money Miscellaneous Network Mobility Holiday IT Support Workplace Tips Phishing Chrome Office 365 Social Media BDR Mobile Device Management Telephone Systems Wireless Server Quick Tips IT Services Cloud Computing Password Unsupported Software Vulnerability Best Practice Risk Management Google Drive Gadgets Wi-Fi Social Outsourced IT Cost Management Data Employer-Employee Relationship Health Application Government Information Technology App Update Computers Politics Upgrade Streaming Media Two-factor Authentication Hacking Shortcut User Error Data Management Work/Life Balance Facebook Save Money Sports Office tips Managed IT Proactive IT Current Events Users USB Artificial Intelligence Blockchain Antivirus Automation Spam Patch Management Alert Identity Theft Managed Service Provider Windows 10 Mobile Computing DDoS The Internet of Things WiFi Maintenance Wireless Technology Router Hosted Solution Encryption Office History Samsung OneNote Cleaning Bandwidth End of Support Battery Mobile Security VPN Excel Networking Information Social Engineering Television Private Cloud Telephony Humor Managed IT Services Devices Cortana HaaS Remote Computing Business Intelligence iPhone Managing Stress Audit Company Culture Recovery Save Time Automobile Compliance Personal Information Google Docs SaaS Commerce Meetings Wireless Charging Computer Care Going Green Legal Tech Support Fraud Gmail Data Storage Analytics Apple Search Transportation eWaste Data Protection Flexibility Internet Exlporer Vendor Management Chromebook Screen Mirroring Reporting Specifications Big Data Webinar Microsoft Teams Applications Education Running Cable App store Remote Monitoring and Management File Sharing Language Robot Upgrades A.I. Outlook Evernote PDF Ciminal Worker Commute SharePoint Threat IT Management Scalability Touchpad Virus Voice over Internet Protocol Windows Ink Bluetooth Distributed Denial of Service Printing Cast Medical IT Sales Books Data storage IT solutions G Suite Licensing Device Security Trending Scam Nanotechnology Analysis Storage Experience Lithium-ion battery Consultant Movies Instant Messaging Google Maps Text Messaging Project Management Administrator Mobile Device PowerPoint IT Solutions FAQ How To Hiring/Firing iOS Marketing Proactive Training Fax Server Google Assistant BYOD GDPR Retail Windows 10s Bring Your Own Device Travel Point of Sale Employer Employee Relationship Root Cause Analysis Identity Managed Service Phone System Touchscreen Sync Workers Websites Amazon Data Loss IT budget Access Teamwork Connectivity Charger Uninterrupted Power Supply Operating Sysytem Benefits Settings Value Conferencing Video Games Solid State Drive Hybrid Cloud Tablets Advertising Spyware Budget Computer Accessories Augmented Reality Data Privacy Legislation Music Electronic Medical Records Unified Communications Updates Wearable Technology Data Theft Virtual Assistant Downloads WIndows Server 2008 Reputation Avoiding Downtime Smart Technology Computer Fan Chromecast HBO Gifts Hacker Hard Disk Drive Managed IT Service NFL Hard Drive Comparison Safety Emails RAM Adobe Microsoft Word Virtual Reality Files Computing Plug-In Microsoft Excel Identities Entertainment Unified Threat Management Trends Data Breach Black Market WannaCry Internet Explorer Credit Cards Laptop Keyboard Cables Word Edge CrashOverride Emergency Disaster Monitors Relocation Worker Dark Web Cache Twitter Error Regulation Remote Monitoring

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at www.eisystems.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login