MERIT Solutions Blog

MERIT Solutions has been serving the Chesapeake area since 1982, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

ALERT: Meltdown/Spectre Vulnerability Grants Malware Access, Patch It Today

Mere months after the firmware in their computer chips was found to be seriously flawed, Intel’s flagship product has once again brought some unpleasant attention to the company. While the issue now has a fix, there was the possibility that a solution could depreciate the functionality of the CPU.

In a blog maintained by a user known only as Python Sweetness, a post went up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In layman’s terms, there was a bug that interfered with how other programs interacted with the CPU. A functioning CPU has two modes, kernel and user. User mode is the one that is generally considered ‘safe’ mode, while kernel mode grants access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This issue created a means for malware and other malicious programs to access a system’s hardware directly.

This bug was expected to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would ultimately slow any of the computer’s functions to a crawl. What’s worse, the initial expectation was that the computer could only be fixed with a hardware change. Fortunately, a fix was devised and released as a Windows update, costing only 2 percent of system performance (much less than what would be lost otherwise).

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of more, further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (public forums get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Of course, for the fix to take place, the update has to be installed. This is the reason that it is worth having a managed service provider looking out for your business. The MSP would be there, ear to the ground for news of updates, ready to jump into action on your behalf. As a representative of you business, you wouldn’t have to worry about dealing with any of it. This means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates.
MERIT Solutions can be that MSP for you. Call us at (757) 420-5150 for more information.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 21 May 2018

Captcha Image

Tag Cloud

Security Tip of the Week Technology Best Practices Privacy Cloud Business Computing Network Security Hackers Malware Internet Software Hosted Solutions Business Management google Productivity Backup Managed IT Services Mobile Devices Microsoft Computer Disaster Recovery VoIP Business IT Support Outsourced IT communications Business Continuity Email User Tips Cybersecurity Windows 10 Productivity Hardware IT Services Innovation Efficiency Cybercrime Data Backup Small Business Apps Windows Managed IT Server Saving Money Ransomware Mobility Mobile Device Management Data Recovery Smartphone Data Operating System Law Enforcement browser Internet of Things Android Virtualization Save Money Tech Term Telephone Systems Smartphones Hosted Solution Quick Tips Cloud Computing Phishing BDR Money Passwords Data Security Password Recovery Holiday Microsoft Office Chrome BYOD Communication Automation VPN Office 365 Information Technology Gadgets Two-factor Authentication Budget Collaboration IT Support Wireless Data Management Network Risk Management Unsupported Software Social upgrade Vulnerability Google Drive Hacking Avoiding Downtime App Work/Life Balance Cost Management Alert Health Wi-Fi Miscellaneous Managed Service Provider Data Breach Computers Facebook Government Best Practice Social Media Update Politics Workplace Tips Data Protection Employer-Employee Relationship Cleaning USB Save Time Social Engineering Streaming Media Windows 10 Identity Theft Wireless Technology Spam search Flexibility Shortcut Telephony Managed IT Services Firewall User Error Application Office tips Antivirus Applications Private Cloud History Current Events Audit Proactive IT Personal Information The Internet of Things Value Humor Disaster IT solutions DDoS Saving Time Redundancy Office Computer Care Phone System Commerce Sports Television Project Management Tech Support Apple Cortana Legal Users Hacker Patch Management Encryption Internet Exlporer Solid State Drive WiFi Artificial Intelligence Going Green Bandwidth Big Data Wireless Charging iPhone Excel eWaste Data Storage Mobile Computing Transportation Blockchain OneNote SaaS Robot Mobile Security Samsung Devices Content Filtering Remote Computing End of Support Battery Data Loss HaaS Gmail Marketing Compliance Google Docs Fraud Automobile Twitter Microsoft Excel Avoid Downtime Hard Drive IT solutions Edge control Gifts Shadow IT Professional Services Document Management Data storage Virus WSJ File Sharing Experience Chromebook Windows 10s Ciminal Exchange Administration IT Management Chromecast Travel Nanotechnology Proactive Distributed Denial of Service altivista Storage Video Games Smart Tech Hard Disk Drive SBS Credit Cards Colocation WIndows Server 2008 Virtual Reality Tablets Root Cause Analysis Websites compaq Scam Hard Drives Music Files Connectivity Lithium-ion battery MSP Wearable Technology FAQ Administrator NFL Augmented Reality Data Theft hp Employer Employee Relationship Lifestyle Analytics Business Intelligence Touchscreen Content Filter intranet domain Charger Keyboard Relocation Outlook Instant Messaging Access Word Worker Commute Computing Computer Accessories Mobile Device Legislation Managed IT Service Monitoring iOS IT budget remote Managing Stress PDF Windows Ink Analysis Yahoo Maintenance Comparison Books Scalability Management Computer Fan Running Cable Server 2008 Evernote Hiring/Firing Regulation Education Text Messaging Google Maps Router App store Ali Rowghani Vendor Management Device Security Specifications Screen Mirroring How To Financial Technology Trending Dark Web Identities Networking Benefits Sync Software as a Service Meetings Unified Threat Management Sales Cast Emails Printing IoT server installation dvd "cannot install required files" Workers Adobe Training Entertainment Laptop Settings Uninterrupted Power Supply Identity stock Spyware Upgrades Retail Electronic Medical Records Google Assistant Licensing Point of Sale WannaCry Language Updates tweet Company Culture HIPAA Touchpad Data Privacy Webinar Computer Forensics Consultant Conferencing Safety Reputation HBO Black Market Mobile calculator Microsoft Word Smart Technology Advertising Remote Monitoring Emergency Worker CrashOverride Thank You Congratulations Cache Monitors

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Anna Jackson 5 SEO Tools To Get a Google-Eye View of Your Website
15 September 2017
Hello Randall! I was doing very important work but due to your subject I felt better to stay at you...
David Miller Not all project-management tools are right for all businesses
25 August 2017
All the points depicted by you in this blog is v.apt. I love the title of this blog because it says ...