Update on Meltdown & Spectre

Standard

meltdown-spectre-cpu-security-vulnerabilities-logos-610x318Here is the latest regarding the Meltdown & Spectre threats that have been widely reported on since last Thursday.  If you are not aware of what these risks are, please review my prior post; Meltdown & Spectre, What You Should Know.

Here’s what we know as of this moment:

  1. The bug is real and affects just about every microprocessor released since 1995.  This includes server, PC’s, Mac’s, Smartphones, Tablets and even Internet of Things devices like smart thermostats and other smarthome and commercial technologies.
  2. The flaw was discovered by Google security researchers this past summer and reported it to the appropriate manufacturers.  While the threat was taken seriously and work has been underway to fix the flaw, the information was released to the public out of concern that details were beginning to leak out before the patches were ready for distribution.
  3. Microsoft, Intel and others have already released patches to begin fixing this issue.  Your internal IT department or trusted IT partner is likely already in the process of deploying these patches to safeguard your systems.  For home, personal, devices, only install patches that you are certain are from the actual manufacturer.
  4. Never apply a patch from a link in an email message.  Bad actors are taking advantage of phishing and other social engineering techniques, to try to trick users into installing a patch that is actually malware from a hacker.  Only install patches you can verify!
  5. Most reports suggest that you will see a performance slowdown as a result of these patches.  Maybe.  For most users, you will not notice a performance impact.  For some intensive applications, a performance slowdown may be unavoidable, but for most average users, you will not notice a difference once the patches are installed.
  6. Intel has stated that they will have patches for 90 percent of the affected chips within a week.
  7. Some users with AMD chips are reporting issues after applying patches, so be sure to read up on the manufacturers web sites for the latest information before applying a patch.
  8. Just last night, during the keynote address at the Consumer Electronics Show, chip maker Intel announced the formation of a new internal security group to focus on improving the overall security of Intel technologies.  “Security is Job No. 1 for Intel and the industry,” said Intel CEO Brian Krzanich.  This type of focus will only help mitigate future issues and I applaud the response.

I will continue to monitor events for any new developments.  For now, it still seems that these threats have not actually be exploited, but nonetheless, I absolutely recommend remaining diligent and patching your systems without delay.

Leave a Reply