Last week information was released on a set of vulnerabilities that have been collectively named Meltdown and Spectre. Initial reports were that only systems running Intel processors were impacted, but as more information was released we learned that just about every computer with a processor in it from the last 20 years is impacted by one or both of the vulnerabilities. The device you are reading this on is almost certainly vulnerable to one or both (cellphones and tablets are computers).
What are Meltdown and Spectre?
Meltdown and Spectre are vulnerabilities present in the CPU design of almost every modern processor, including those designed or manufactured by Intel, AMD and Apple. They allow access to data on a system that a user should not have access to. They are serious vulnerabilities on all systems, but even more so on systems where one user might access data that another user on that same physical system should not. Fortunately, they are not remotely exploitable — they require system access to abuse.
Are fixes available?
Fixes are available for some portion of the reported defects, but not all. More fixes are being released daily. While the most likely to be exploited vulnerabilities should have patches released by the end of this week, some (or all) systems may ultimately need to be replaced to fully fix these vulnerabilities.
What is the impact of the fixes?
As fixes are applied to protect against the vulnerabilities, they will have negative impact on system performance. The amount of impact will vary based upon system workload and age, older systems will have a more significant performance impact. Patches are being applied to both servers and workstations. Future patches may reduce the impact from those made available now.
What is Upic doing about Meltdown and Spectre?
Upic is readying systems for and applying fixes to address the most critical and easy to exploit parts of Meltdown and Spectre to all systems in our data center, along with customer systems under Upic management. We have validated compatibility of our antivirus with Microsoft’s software patches and most systems either are or will be patched to address the vulnerabilities after made available by Microsoft and other vendors.
For our customers self-managing (or via another party) their local systems, we are here to help. Please reach out and we can assist in remediating these vulnerabilities.
What should you do about it?
- If your United Way doesn’t have a security awareness training program, contact us.
- Apply updates to phones, tablets and computers as soon as available. Don’t wait, it really is important.
- Don’t access secure data on insecure systems shared with others (coffee shop, hotel, etc). This isn’t a new precaution, but it is even more important than ever before.
- Make sure systems are running an up-to-date antivirus. This is necessary for the Microsoft patches for the vulnerabilities to apply. This is done already on systems with Upic’s managed antivirus.
Should you have further questions about Meltdown and Spectre, please do not hesitate to reach out.