Security experts have recently found two significant flaws in the microprocessing systems (sometimes called CPUs or chips) of almost all the world’s computers. The two issues, fondly named Meltdown and Spectre, could be used to hijack the memory of a device running in a “cloud” environment. This includes computers, mobile phones and servers. Unlike most of the latest “bugs” to be discovered, this is a hardware issue so all software running on the system is susceptible.
What Do We Know?
Neither flaw has an easy fix at this point with Spectre being the worst of the two. Spectre could require completely redesigning processors so the issue may linger in technology for decades. Meltdown, however, has a software patch but it could slow down computer performance. Meltdown affects every microprocessor made by Intel. These chips are used in nearly all servers upholding the internet and private businesses.
Google and Microsoft have already updated their systems to deal with the Meltdown flaw. Amazon’s Web Services division said the flaw has existed for over 20 years and that it’s protected against all instances affecting their cloud-computing customers. Apple issued a partial fix and is expected to have an update soon.
Spectre exists in most processors in use today although researchers believe it’s more difficult to exploit. Currently, there’s no remedy for it and it is not specific to Intel as is Meltdown. It is a problem in the fundamental way processors are designed. The need for speed often takes precedence over security.
How Bad Is It and What Can You Do?
There’s no evidence that hackers have used these flaws for gain- at least for now. But businesses take a big risk by not implementing the patches as soon as possible. Last year, a ransomware attack called Wannacry made rounds exploiting a Windows flaw that users could have avoided by installing the latest updates.
At The Miller Group, these patches will be pushed out quickly and automatically for our clients, but will first be diligently tested. TMG staff wants to make sure these patches, sometimes released in haste by Microsoft and the like, won’t cause any other errors creating larger problems. Also, TMG advises clients that speed may be affected when these patches are pushed out although to not nearly the extent the news media is claiming at “30 percent.” We expect updates to operating systems, web browsers, drivers and much more.
The repairs for these issues are in a state of flux but in the meantime, here’s what you can do:
- If you’re a TMG All-Covered client, we will incrementally push out the updates as soon as possible. If you’re not an all-covered client, install the recommended updates to your systems as soon as possible. You should receive alerts from your operating systems to do so.
- As always, do not download anything from suspicious emails or on the web. This prevents hackers running software on your system to exploit Meltdown.
- Keep yourself up-to-date of the latest advised security protocols to avoid all cyber crime. Don’t make it easy on the criminals. If you’d like cybersecurity training for your staff, see our plans and pricing here: www.stlcybersecuritytraining.com
For questions on how this affects your systems, please feel free to call or email us. 314-822-8090 or firstname.lastname@example.org