croom new

Eclipse Integrated Systems Blog

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Eclipse Integrated Systems can be that MSP for you. Call us at 800-340-0505 for more information.

Tip of the Week: Keeping Productivity Up When the ...
You Can’t Ignore the Elephant in the Server Room
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, November 16 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business Computing Network Security Internet Google Hackers Malware Software Business Management User Tips Microsoft Tech Term Productivity Hosted Solutions Computer Efficiency Innovation Windows 10 Backup Browser Business Cybersecurity Apps Productivity Managed IT Services Email Mobile Devices Saving Money Communication Windows Smartphones Data Recovery VoIP Virtualization Data Backup Cybercrime Smartphone Internet of Things Hardware Small Business Workplace Tips communications Android Operating System Law Enforcement Collaboration Passwords Disaster Recovery Business Continuity Users Data Security IT Support Network Microsoft Office Miscellaneous Wireless Cloud Computing Ransomware Money Gadgets Mobility Windows 10 Data Chrome Social Media Mobile Device Management Telephone Systems Wi-Fi Mobile Device IT Support Server Office 365 Update BDR Outsourced IT Quick Tips Phishing Holiday IT Services Best Practice Google Drive Cost Management Social Employer-Employee Relationship Unsupported Software Vulnerability Government Application Information Technology Health App Password Risk Management Marketing Politics Networking Data Management Spam Save Money Managed Service Provider Sports Proactive IT Work/Life Balance Facebook Information Shortcut Automation Current Events Office tips Blockchain USB Managed IT Services Patch Management Alert Artificial Intelligence Antivirus Managed IT Computers Streaming Media Bandwidth Upgrade User Error Two-factor Authentication Hacking Identity Theft SaaS Commerce Television Router Storage Computer Care VPN Excel Encryption Social Engineering History Telephony Humor BYOD End of Support Battery Devices Cortana Remote Computing Private Cloud Mobile Security Recovery Meetings Office HaaS Going Green iPhone Managing Stress OneNote Wireless Charging Cleaning Apple Google Docs Samsung Managed Service Tech Support Automobile Fraud Business Intelligence Gmail Data Storage Personal Information eWaste Connectivity Transportation Mobile Computing DDoS WiFi Data Protection Legal Touchscreen Compliance Internet Exlporer Analytics The Internet of Things Search Applications Maintenance Audit Wireless Technology Company Culture Hosted Solution Outlook Save Time Flexibility Cast Sales Big Data Computing Plug-In Data storage Licensing Education Device Security Smart Technology Computer Fan Trends Troubleshooting Trending Cables Lithium-ion battery Fax Server Hacker Hard Disk Drive Internet Explorer Microsoft Office 365 Microsoft Teams Administrator IT Solutions Scalability FAQ Safety Emails Chromebook Reporting PDF Google Maps Worker Commute Project Management Retail Books Unified Threat Management App store Remote Monitoring and Management Teamwork Travel WannaCry A.I. Profitability Experience Virus Voice over Internet Protocol Sync Instant Messaging Workers Keyboard Threat Access Control G Suite Access How To Charger Webinar Printing Medical IT Uninterrupted Power Supply Operating Sysytem Text Messaging Data Loss IT budget Vendor Management Wearable Technology Conferencing Upgrades Analysis Tablets Point of Sale Spyware Movies Eliminating Downtime Budget Legislation Phone System Proactive Updates PowerPoint Authentication Bring Your Own Device WIndows Server 2008 IT solutions Google Assistant GDPR Avoiding Downtime HBO Video Games Gifts Consultant Identity Advertising NFL Scam Nanotechnology Wireless Internet Chromecast Comparison Music Websites Amazon Adobe Microsoft Word Hiring/Firing iOS Authorization Files Training Hybrid Cloud Reputation Data Breach Windows 10s Value Dark Web Microsoft Excel Identities Running Cable Credit Cards Data Privacy Laptop Word Edge Employer Employee Relationship Root Cause Analysis Unified Communications Screen Mirroring Specifications Data Theft Virtual Assistant SharePoint Virtual Reality Benefits Downloads Language Settings Managed IT Service Robot Bluetooth Distributed Denial of Service Black Market Evernote Solid State Drive Error File Sharing Entertainment RAM IT Management Electronic Medical Records Hard Drive Touchpad Windows Ink Ciminal Computer Accessories Augmented Reality Cache Remote Monitoring Relocation Emergency CrashOverride Monitors Worker Help Desk Printers Twitter Disaster Regulation

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at www.eisystems.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login