ICS Data - Meltdown Vulnerability and What to Do

Meltdown Vulnerability and What to Do

We are aware of, and are actively working to protect against the latest Meltdown / Spectre vulnerability.

What’s the problem?

In the 1990’s in order to speed up processors, chip engineers began using “speculative execution” in order to try and guess what data would be needed next. Much like if you were a salesperson and you saw someone picking out pants, you may run them a belt to go with them.

With your computer, as an example, if you were to visit your bank website – the speculative execution function would pull your bank login, because it is guessing you need that next.

There are two variations of this vulnerability:

  • Meltdown – Allows for full access to this protected space (only effects products with Intel processors)
  • Spectre – Allows for malicious code to trick random portions of this memory location (effects Intel, AMD, and ARM processors)

Exploit in Action…

Is my device effected?

Yes. This vulnerability is incredibly wide reaching as it is on the physical processor that operating systems are installed on. This means that all operating systems will need to be patched, including mobile (iOS, Android, Windows, Mac OS, and Linux). Cloud services such as Amazon AWS, Google Cloud, and Microsoft Azure also require patching.

What is being done?

Hardware and software manufacturers are scrambling to provide patches to this vulnerability. Microsoft released an emergency patch Tuesday January 2, 2018 for Windows 10 Operating Systems. Apple released a patch for their devices Thursday January 4, 2018 that covers Mac OS, iOS, and Apple TV. Due to the severity of the vulnerability, the software community is moving very quickly to patch.

Processor manufacturers such as Intel and AMD are the ones with the real job. Since this vulnerability is with the processor, the patches that software manufacturers make should be considered mitigation, not a solution. Over the coming weeks and months we expect an array of firmware (the software that runs hardware) updates for motherboards, which in many cases, need to be applied manually.

What can I do?

The most effective way to mitigate your risk is to ensure you have a supported Operating System (Windows XP will not be patched) with Windows Updates enabled. Additionally, as attackers begin making tools to exploit this vulnerability it will be important to be extra vigilant when opening any attachments in emails or downloading from sites you do not trust. Currently, not all Operating Systems have a patch available – with Microsoft releasing a patch for Windows 7 next Tuesday January 9, 2018.

Fast|Manage clients who are on a plan with ICS Data that includes regular updates and maintenance to workstations and servers will automatically begin receiving updates today Friday January 5, 2018. We will be rolling out a patch to Windows 7 for you as soon as it is available.

If you are not yet a Fast|Manage client now is a great time to become one, please call (616-844-0245) or email (sales@icsdata.com) us today to get a quote.

Additional Resources

For more information, I have included some helpful links below:

Windows 10 Knowledge Base Article

Apple Security Release

Google Security Release

Intel Security Release