Meltdown and Spectre are the latest in what seems to be a never ending run of data threats and vulnerabilities IT personnel are working to neutralize. Sanity’s Nick Cupery shares several resources to help keep your infrastructure in tact.
High Level Overview of the Flaws
The processors on your computers and smart devices run tons of small calculations per second to perform tasks. As a form of workflow optimization, they also preemptively perform tasks that are not necessarily needed. This is called “speculative execution.” The processor works in tandem with your device, performing calculations from a range of applications simultaneously. Researchers have found that this could potentially let bad actors access protected parts of your device’s memory.
- Spectre – affects all processors
- Meltdown – affects only Intel processors
How might Spectre and Meltdown affect you?
In theory, hackers could trick you into downloading malicious software on your computer, then use these flaws to access things like passwords, personal photos, emails, or documents. Since servers also run on affected processors, they could also log into a cloud account and use the Meltdown flaw to bypass security protocols and access multiple users’ information simultaneously. Though these flaws have existed for 2 decades, there haven’t been any documented cases of hackers taking advantage of them… yet.
Intel and other microprocessor vendors have been working closely with operating system vendors to mitigate the potential impact of the security flaws. Windows, Linux, and Mac OS have already released the preliminary software patches to help safe guard against the attack (see links below). Hardware vendors will likely introduce new chipset features on future hardware offerings to help further protect against the problem.
- Consult with your operating system vendor to understand the proper patching and mitigation procedures
- Consult with your solutions provider to create a plan to mitigate possible effects on your infrastructure