Eclipse Integrated Systems Blog

Eclipse Integrated Systems has been serving the Bridgewater area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
Eclipse Integrated Systems can be that MSP for you. Call us at 800-340-0505 for more information.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 21 May 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Privacy Cloud Hackers Business Computing Internet Network Security Malware Business Management Software Google Microsoft Windows 10 Computer Innovation User Tips Backup Hosted Solutions Business Productivity Productivity Windows Email Cybersecurity Mobile Devices Apps Hardware Cybercrime Smartphone Efficiency Saving Money Law Enforcement Disaster Recovery Managed IT Services Browser Operating System Virtualization Tech Term Ransomware Small Business Business Continuity VoIP Smartphones Data Security Data Backup IT Support Android Server Microsoft Office Money Mobility communications Chrome Office 365 Data Recovery Wireless Quick Tips Telephone Systems Mobile Device Management Miscellaneous Passwords Holiday Phishing Internet of Things Update Communication Unsupported Software Collaboration Password Best Practice IT Support Google Drive Outsourced IT Risk Management Workplace Tips Gadgets Social Application App Government BDR IT Services Cloud Computing Vulnerability Health Wi-Fi Information Technology Cost Management Managed Service Provider Antivirus Computers Upgrade Data Management Politics Managed IT User Error Facebook Data Current Events Spam Employer-Employee Relationship Windows 10 Social Media Shortcut Hacking Identity Theft Save Money Work/Life Balance Office tips USB Two-factor Authentication Alert Search The Internet of Things Going Green Apple Flexibility Office Network Devices Cortana eWaste Router Cleaning WiFi History Proactive IT End of Support Streaming Media Bandwidth Wireless Charging Private Cloud Battery Sports Social Engineering Fraud Recovery Television HaaS Save Time Patch Management Commerce Automation Personal Information Tech Support Users Automobile Transportation Internet Exlporer Meetings Excel Wireless Technology Data Storage OneNote Encryption Samsung Hosted Solution VPN DDoS Mobile Computing Mobile Security Humor Telephony Managed IT Services Google Docs Remote Computing Blockchain Audit iPhone Data Protection Computer Care Maintenance Artificial Intelligence Legal Wearable Technology Device Security Licensing Storage Webinar Chromebook FAQ Virtual Reality IT Solutions Entertainment Travel Data storage IT solutions Virus Printing Scalability Scam Charger Education Nanotechnology Running Cable Mobile Device Spyware Tablets Administrator Legislation Windows 10s SharePoint Proactive Google Assistant How To Employer Employee Relationship WIndows Server 2008 Root Cause Analysis Experience NFL Access Comparison Solid State Drive Websites Augmented Reality Value Computer Accessories Data Breach Point of Sale SaaS Edge Advertising Phone System Word Hacker Specifications Hard Disk Drive Teamwork Data Theft Evernote Reputation Outlook Files Unified Threat Management Ciminal Music Windows Ink Keyboard Sales Laptop Cast Computing Internet Explorer Black Market Vendor Management Networking Robot Upgrades Project Management Analytics Google Maps Retail Touchpad BYOD App store Threat Workers Sync Screen Mirroring Consultant IT budget PDF Big Data Data Loss Hiring/Firing Conferencing Trending iOS Instant Messaging Training Updates Worker Commute Lithium-ion battery Distributed Denial of Service Touchscreen Bluetooth Text Messaging Books Identity Benefits Gifts Operating Sysytem HBO Uninterrupted Power Supply Settings Managing Stress Company Culture Marketing Microsoft Word Adobe Budget Microsoft Excel Fax Server Identities Electronic Medical Records Data Privacy Video Games Smart Technology Credit Cards Avoiding Downtime Computer Fan Applications Chromecast File Sharing Emails Language Safety Hard Drive IT Management Gmail WannaCry Remote Monitoring Emergency Disaster Monitors Worker Twitter CrashOverride PowerPoint Relocation Connectivity Cache

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      Latest News

      Eclipse Integrated Systems launches new website!

      Eclipse Integrated Systems is proud to announce the launch of our new website at www.eisystems.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

      Read more ...

      Account login