JS Business Solutions Blog
ALERT: Meltdown/Spectre Vulnerability Can Affect Your Business’ Critical Infrastructure
Intel has had publicity problems in the past, but now things are getting critical. An issue was reported that could potentially cause the processing power of their chips to diminish. What are being known as the Meltdown or Spectre vulnerabilities, have businesses scrambling around looking for ways to protect their data and infrastructure from what is seemingly an oversight that affects most of today’s CPU architectures; namely those that rely on virtual memory.
This means that a bug has been discovered that alters the way that different programs communicate with the CPU. Typically, a CPU has two modes: kernel and user. “Kernel” provides users access to the computer and “user” which is typically thought of as the safe mode. The vulnerability that the user who goes by the moniker Python Sweetness discovered was one that allowed users working in user mode, to access kernel mode. This presents a number of potential problems, including creating a gateway for malicious action to be taken against your network.
Fortunately for users a patch has been developed that won’t seriously hinder system performance, a fear shared by some security professionals. In fact, the fix will only cause a minimal dip of around 2 percent. Initially, there were concerns that systems would come out of this much slower as entire processes would effectively be altered between user mode and kernel mode.
For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.
Two days later, an update for Android devices was pushed out to users. Most mobile platforms running Android, should now be protected. To be sure, check regularly. Google Chrome is scheduled to be updated on January 23. In the meantime, consider asking your IT administrator to help you achieve Site Isolation to assist in keeping your network secure.
Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.
If you don’t have a comprehensive IT administrator, chances are you are on your own. By having a company like JS Business Solutions looking out for you, you will be able to benefit from having conscientious IT professionals helping you keep your computing infrastructure, network, and data secure, no matter what is thrown at it.
To find out how JS Business Solutions can help your organization with network security, call us at (781) 715-1900.