School navigation

Information Technology

Meltdown and Spectre - What You Should Know [update 1/9/18]

January 05, 2018

  • News Image

You may have heard about two vulnerabilities announced this week called Meltdown and Spectre.  This has hit the radar of many because it impacts a wide range of CPUs (Intel, AMD, and ARM) used in many computing devices and can enable an attacker to steal sensitive information from a system’s memory.  The flaws impact both your own devices and your remote cloud service provider’s systems.

Fortunately, vendors are releasing and continue to develop patches to remediate both vulnerabilities.  You can rest assured that the large cloud service provider’s (Google, Amazon, Azure) have already defended themselves, however smaller ones may not have yet.  If in doubt, check with the vendor for information.

For devices in your control, run updates as they come out over the next few days and/or weeks and continue to keep your systems and applications up to date.  Since Spectre is a browser based attack, keep your eyes out for updates to your web browser software (IE, Safari, Chrome, Firefox).

Watch Out! 

Criminals are already trying to trick users, so watch out for those phishing emails pretending to be from IT, including links to install software.  This is how malware, or the more harmful ransomware, can get installed on your system.  Run updates from your computing devices yourself, not from links people send to you.

Patch All the Things

Microsoft Windows:  Update your Anti-Virus software first! 

Run WindowsUpdate - https://support.microsoft.com/en-us/help/4073757/protect-your-devices-against-spectre-meltdown

Apple: Run Updates - https://support.apple.com/en-us/HT208394

 

Resources

US-CERT - https://www.us-cert.gov/ncas/alerts/TA18-004A

Google Project Zero - https://googleprojectzero.blogspot.com/

Threatpost -https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/

CNet - https://www.cnet.com/how-to/how-to-fix-meltdown-spectre-intel-amd-arm-windows-mac-android-ios/

 

Share this story on

Information Technology

Contact Us