Spectre & Meltdown: What You Need to Know

 

Two new vulnerabilities, called Spectre and Meltdown, have been discovered by individual researchers. The flaws allow attackers to access and read sensitive data in computers, tablets, and smartphones. This affects devices from a wide variety of vendors, including Microsoft, Apple, Google, and Amazon.

Computer manufacturers install silicon chips that make devices process information quickly. These chips guess the information the computer will need to perform the next command in process called speculative execution. Whenever a guess is made, the chip temporarily makes it easier to access its sensitive information. One of the flaws, Spectre, enables attackers to trick the processor into starting the speculative execution process. The other flaw, Meltdown, allows attackers to gain access to sensitive information in the chip through the computer’s operating system.

So far, there's no known reports of any users being affected by attacks related to Spectre and Meltdown. Vendors, such as Intel, Microsoft, Apple, and Google, are rushing to repair these issues. However, according to reports, installing the fixes on some computers may result in a performance slowdown, depending on the way the device is used.

For those using our monthly managed services, SwiftTech will apply fixes to Spectre and Meltdown to your covered devices. We’ll also apply necessary updates to your operating system, anti-virus software, firewall, and web browser. If you're not on a managed services plan or have devices that are not covered, you can request this security maintenance service for an additional fee. You can call 877-794-3811 or email This email address is being protected from spambots. You need JavaScript enabled to view it. to request this service.

 

In order to prevent attacks related to the Spectre and Meltdown flaws, we would recommend:

• Making sure to install updates (Operating System, Firmware, BIOS, updates) to computer, cell phones, and devices with Intel, AMD, and ARM CPUs as soon as they become available. Be aware that old operating systems, Windows XP and Windows Server 2003 for example, are no longer supported and may not get security patches released for them.

• Upgrading legacy hardware no longer supported by the manufacturer, as they may no longer release security patches or updates for them, such as firmware updates. If it’s more than 5 years old, it is most likely not supported.

• Having professional and up to date anti-virus/security software scanning your devices, such as Trend Micro, Sophos, etc. Attackers may need to install malware on your systems to take advantage of this exploit. Having anti-malware software can be a first line of defense.

• Having web security solutions to protect you online and prevent you from being compromised. Ask about our security services offerings.

• Having good email protection. Watch out for phishing emails, as they are a way for attackers to get you to install malware and/or compromise access to your computers and logins. Don’t click on any strange links and attachments, especially from recipients you don’t know.

 

If you have any questions or interested in our security maintenance services, you can contact us by calling 877-794-3811 or emailing This email address is being protected from spambots. You need JavaScript enabled to view it..

 

Contact us at 877-794-3811 or [email protected] for Professional IT Support

get in touch