Individual researchers discovered two new vulnerabilities, called Spectre and Meltdown. The flaws allow attackers to access and read sensitive data on computers, tablets, and smartphones. This affects devices from a variety of vendors, including Microsoft, Apple, Google, and Amazon.
Computer manufacturers install silicon chips that make devices process information quickly. These chips guess the information the computer will need to perform the next command in a process called speculative execution. Whenever the chip makes a guess, it temporarily makes it easier to access its confidential information. One of the flaws, Spectre, allows attackers to trick the processor into starting the speculative execution process. The other flaw, Meltdown, lets attackers access sensitive information in the chip through the computer’s operating system.
So far, there are no known reports of any users affected by attacks related to Spectre and Meltdown. Vendors, such as Intel, Microsoft, Apple, and Google, are rushing to repair these issues. But, according to reports, installing the fixes on some computers may result in a performance slowdown, depending on the way people use the device.
For those using our monthly managed services, SwiftTech will apply fixes to Spectre and Meltdown to your covered devices. We will also apply necessary updates to your operating system, anti-virus software, firewall, and web browser. If you’re not on a managed services plan or have devices that are not covered, you can request this security maintenance service for an extra fee. You can call 877-794-3811 or email firstname.lastname@example.org to request this service.
How can you avoid attacks related to Spectre and Meltdown flaws?
- Make sure to install updates (Operating System, Firmware, BIOS, updates) to computers, smartphones, and devices with Intel, AMD, and ARM CPUs when they become available. Be aware that Microsoft no longer provides updates for old operating systems such as Windows 7 and Windows Server 2003.
- Upgrading legacy hardware that the manufacturer no longer supports. They may not release security patches or updates for them, such as firmware updates. As a rule of thumb, if the hardware is more than 5 years old, the manufacturer usually stops providing support for it.
- Having professional and up-to-date anti-virus/security software scanning your devices, such as Trend Micro, Sophos, etc. Attackers need to install malware on systems to take advantage of this exploit. Anti-malware software is the first line of defense.
- Having web security solutions protects you online and prevents you from experiencing a security breach. Ask about our security services offerings.
- Having good email protection. Watch out for phishing emails, as they are a method for attackers to get you to install malware and provide access to your computers and logins. Do not click on any strange links and attachments, especially from senders you do not know.
If you have any questions or are interested in our security maintenance services, you can contact us by calling 877-794-3811 or emailing email@example.com.