Information about Meltdown and Spectre
What you need to know about Spectre and Meltdown
It's 2018, and the new year is already starting off with two new security risks: the recently disclosed processor vulnerabilities called Meltdown and Spectre. On Tuesday, January 2, security researchers published a significant finding: a flaw in nearly all modern microprocessor chips allows attackers to gain varying levels of access to protected kernel memory areas. The kernel is the core of a computer's operating system, with complete control over everything on the system. Fixes for many operating systems are available in the form of a security patch.
How serious is this?
Spectre is more difficult for hackers to take advantage of than Meltdown, but it is also more difficult to fix and is expected to be a bigger problem in the long term.
Who is affected?
These two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable, potentially allowing an attacker to read sensitive data stored in memory. Almost every computing system (desktops, laptops, smartphones, and cloud servers) is affected by the Spectre bug. Meltdown appears to be specific to Intel, impacting all Intel systems from laptops to servers.
National Cyber Security Centre Guidance:
Helpful Links to Patches and other Information
US-CERT (United States Computer Emergency Readiness Team) has a helpful list of affected vendors and links to associated remediation steps:
Intel Firmware Update
Microsoft released an update for devices running Windows 10
Potential impact on processors in the IBM Power family (patches available January 9th)
Linux system administrators should examine the Linux Kernel Mailing List (LKML) website:
Red Hat system administrators should examine this website (which is updated routinely):
SUSE system administrators should examine this website:
Users and administrators are urged to update their computers with the latest security fixes as soon as possible. We also encourage users to refer to their OS vendors for the most recent information. Because the vulnerability exists in the CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.
MessageOps is ready to help you evaluate your patching strategy and share best practices for mitigating risk from this latest security issue. Email us at [email protected] or visit https://www.messageops.com/office-365-security-by-messageops/