By now, you’ve probably seen two names swirling around every industry news headline. These, of course, are Meltdown and Spectre; two critical vulnerabilities found in current CPUs from Intel, AMD and ARM.
On Wednesday January 3, several researchers disclosed the security flaw in modern processors that could affect practically every Intel computer released in the last two decades—as well as the AMD and ARM chips in your laptops, tablets and phones. As people are (rightly) concerned, we’ve decided to assemble and organize all the information MSPs and IT service providers should understand about these vulnerabilities, how they could be exploited and how to communicate these vulnerabilities to your clients.
What Are Meltdown and Spectre?
In brief, Meltdown and Spectre are the names of the flaws found in a number of processors from Intel, ARM and AMD that could allow hackers to access passwords, encryption keys and other private information from open applications.
Meltdown and Spectre essentially target the way processors optimize certain actions, a function known as “speculative execution.” That vulnerability allows them to see the memory (including personal information) inside other programs and services down to the core of the operating system. The Meltdown flaw mostly affects Intel-powered machines like your desktop or MacBook, while the Spectre flaw affects processors from AMD and ARM. That means your smartphone is also likely affected by the processor flaw.
How Could Meltdown and Spectre Be Exploited?
The Meltdown and Spectre vulnerabilities are rooted within the processor’s architecture, where a design defect allows applications to cross memory boundaries into the protected memory of other applications. They target a flaw that’s already there: downloading antivirus software can’t stop this one. Variants to the flaw exist where malware could potentially gain access to the memory of other applications (in the case of Spectre) or where malware could gain access to a device’s memory (in the case of Meltdown).
If these vulnerabilities get exploited in a successful attack, it could lead to a broad range of malware attacks that could compromise important data stored on the user’s device.
It’s important to emphasize that at this point in time, there is no evidence these vulnerabilities are being maliciously exploited in the wild. The news makes it seem like everyone should be rushing fix systems that may not even be damaged yet. However, Meltdown and Spectre should serve as the latest wake up call for organizations to continuously question, enhance, test and secure their IT environments.
It’s true that “every machine could be at risk.” It’s also true that applying an update before there are any confirmed problems may cause, well, problems.
Also patches have already been released for Microsoft Windows, Apple macOS, and Linux to patch Meltdown.
Get Used to It, but In-Front of It
Unfortunately, these types of vulnerabilities are becoming the new normal, so small businesses will see more of these alerts on a regular basis. At Hoola Tech, we try our best to let our clients know about potential vulnerabilities and attacks before they even read the news headlines. We’re honest about the actual risks to your network.
As always, keep track of who has access to your network. Keep your passwords regularly updated. If you would like to do more to protect your network, Hoola Tech offers 24-hour monitoring as well as employee training. Give us a call with any questions!
To read the original article, click here.