Melted Computer

Last week two significant computer bugs were announced. They have been dubbed Meltdown and Spectre. These bugs take advantage of a flaw in many modern computers that exists at the processor or CPU level. This flaw has to do with the way that companies like Intel and AMD have used to make their processors run faster. Even very technical people can find it difficult to wrap their heads around how these bugs work, because the flaws have to do with the very lowest level processes in the computer. Rather than bore you with the specific details of the flaw, I want to give you some information about what to do about it.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Meltdown and Spectre (or "SpecDown") are both flaws that permit an application to read privileged memory

Who is affected by these exploits?

Both bugs are found at the hardware-level within the processor. Intel's chips are the most widely vulnerable; however, devices carrying AMD and ARM chips are susceptible too, along with Apple's A-series of chips. While a list of every affected chip is not immediately available, reports are available indicating that Intel's design flaw dates back to 1995.

Every Operating System is affected. 

  • Windows has had a series of patches earmarked as "2018-01" released.
  • Linux has been updated to mitigate the attacks;
  • macOS has been hardened as part of its 10.13.2. 

This is only half of the solution, however; please read below.

How can I deal with this?

As Meltdown and Spectre are two different vulnerabilities affecting both Hardware and Software between them, there is no single mitigation step that can be taken to guarantee complete protection against these issues.

Update OS – Windows: Microsoft has published patches as part of their January cumulative update (legacy term: "rollup"). These patches are only being supplied for supported operating systems.

As such, please only expect Microsoft patches for:

  • Windows 7 SP1 (not SP0)
  • Windows 8.1 (not 8.0)
  • Windows 10

Please note that there are certain circumstances where Microsoft Windows will not show the 2018-01 update despite appearing to meet all the requirements; the SpecDown fix alters the manner in which Windows works, and this can potentially cause issues with Antivirus suites. So you may have to update your anti-virus before you can run the Microsoft update.

Update BIOS/uEFI:

You will probably need to update your BIOS or Firmware. However, there may not be an update available. This update will need to come from the manufacturer. This could be Dell or HP if you have a name brand computer. If not, you may have to get the update from the processor OEM, such as Intel or AMD. If you have an older computer, chances are that there will not be an update created for it at all.

Conclusion

The point is that this is a complicated fix. To make matters worse, there will be lots of bad or erroneous advice on many websites, so be careful about the source of information that you use and especially any files that you download. Only download files from websites that are trust worthy and always scan any downloaded files to make sure that they do not contain viruses.  If you need help, give us a call.

Tags: 

Partnerships

ConnectMe Voice
Mail Protector
Huntress Labs
Malwarebytes Reseller
Quad9 Banner
Fortinet Logo
Microsoft Partner Logo
ID Agent Partner
ASCII Group Logo
Bitdefender Partner Logo
HP Logo
Dell Partner Direct Logo

Pages

Contact

 

Ultimate IT Guys

112 N Oklahoma
Mangum, OK 73554
Phone: 580.782.2266


Email: contact@ultimateitguy.com

Where To Find Us

 

SWNAHRO Maintenance Conference

Northeast Texas Housing Association Meeting

Southeast Texas Housing Association

Missouri NAHRO Conference

Texas NAHRO Conference

Top of Texas Housing Association 

Big Country Housing Association

North Texas Housing Association Meeting

New Mexico NAHRO Conference

Colorado NAHRO Conference

Kansas NAHRO Conference

SWNAHRO Conference

Texas Housing Association Conference

Oklahoma NAHRO Conference

Central Texas Housing Association Meeting

NorthEast Texas Housing Association