Contributed by: Nick Cupery, Systems Engineer, Sanity Solutions on January 10, 2018.

Meltdown and Spectre are the latest in what seems to be a never ending run of data threats and vulnerabilities IT personnel are working to neutralize. Sanity’s Nick Cupery shares several resources to help keep your infrastructure in tact.

High Level Overview of the Flaws

The processors on your computers and smart devices run tons of small calculations per second to perform tasks. As a form of workflow optimization, they also preemptively perform tasks that are not necessarily needed. This is called “speculative execution.” The processor works in tandem with your device, performing calculations from a range of applications simultaneously. Researchers have found that this could potentially let bad actors access protected parts of your device’s memory.

  • Spectre – affects all processors
  • Meltdown – affects only Intel processors

How might Spectre and Meltdown affect you?

In theory, hackers could trick you into downloading malicious software on your computer, then use these flaws to access things like passwords, personal photos, emails, or documents. Since servers also run on affected processors, they could also log into a cloud account and use the Meltdown flaw to bypass security protocols and access multiple users’ information simultaneously. Though these flaws have existed for 2 decades, there haven’t been any documented cases of hackers taking advantage of them… yet.

Next Steps:

Intel and other microprocessor vendors have been working closely with operating system vendors to mitigate the potential impact of the security flaws.  Windows, Linux, and Mac OS have already released the preliminary software patches to help safe guard against the attack (see links below).   Hardware vendors will likely introduce new chipset features on future hardware offerings to help further protect against the problem.

  1. Consult with your operating system vendor to understand the proper patching and mitigation procedures
  2. Consult with your solutions provider to create a plan to mitigate possible effects on your infrastructure
For more information or assistance; please contact Sanity Solutions at 720.570.1668.
Useful Links and Information
Meltdown and Spectre Attack Information:
Windows
Potential Antivirus Problems
Spectre
Microsoft Performance Impact
Apple:
Linux:
VMWare

 

List of general patches and fixes to be aware by operating system vendor