Meltdown and Spectre - What You Should Know [update 1/9/18]
January 05, 2018
You may have heard about two vulnerabilities announced this week called Meltdown and Spectre. This has hit the radar of many because it impacts a wide range of CPUs (Intel, AMD, and ARM) used in many computing devices and can enable an attacker to steal sensitive information from a system’s memory. The flaws impact both your own devices and your remote cloud service provider’s systems.
Fortunately, vendors are releasing and continue to develop patches to remediate both vulnerabilities. You can rest assured that the large cloud service provider’s (Google, Amazon, Azure) have already defended themselves, however smaller ones may not have yet. If in doubt, check with the vendor for information.
For devices in your control, run updates as they come out over the next few days and/or weeks and continue to keep your systems and applications up to date. Since Spectre is a browser based attack, keep your eyes out for updates to your web browser software (IE, Safari, Chrome, Firefox).
Criminals are already trying to trick users, so watch out for those phishing emails pretending to be from IT, including links to install software. This is how malware, or the more harmful ransomware, can get installed on your system. Run updates from your computing devices yourself, not from links people send to you.
Patch All the Things
Microsoft Windows: Update your Anti-Virus software first!
Run WindowsUpdate - https://support.microsoft.com/en-us/help/4073757/protect-your-devices-against-spectre-meltdown
Apple: Run Updates - https://support.apple.com/en-us/HT208394
US-CERT - https://www.us-cert.gov/ncas/alerts/TA18-004A
Google Project Zero - https://googleprojectzero.blogspot.com/
CNet - https://www.cnet.com/how-to/how-to-fix-meltdown-spectre-intel-amd-arm-windows-mac-android-ios/