Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely cause only a 2% dip in system performance, a far smaller sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to fix it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported. The patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.
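The same check can be scripted so it can be run on every PC rather than clicked through one at a time. The PowerShell below is an added example, not something from the original article or from Microsoft; the function name `Test-MeltdownPatchState` is made up for illustration, and the registry flag it reads is the antivirus compatibility marker described in Microsoft's guidance for this update, which the article does not name.

```powershell
# Added example: report whether the update named in the article is installed
# and whether the antivirus has marked itself compatible with it.
$KbId = 'KB4056892'   # from the article; other Windows 10 releases received a different KB number

# Antivirus compatibility flag from Microsoft's guidance (not from the article).
# Compatible antivirus products create this value as a DWORD set to 0.
$CompatKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-MeltdownPatchState {
    # Get-HotFix reads the installed-update list; no match returns nothing.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # The flag is absent when the antivirus has not declared compatibility.
    $flag = Get-ItemProperty -Path $CompatKey -Name $CompatValue -ErrorAction SilentlyContinue
    $avReady = ($null -ne $flag) -and ($flag.$CompatValue -eq 0)

    if ($hotfix) {
        $verdict = 'Update installed'
    }
    elseif (-not $avReady) {
        $verdict = 'Update blocked: antivirus has not set the compatibility flag'
    }
    else {
        # A later cumulative update replaces this KB, so a missing entry on a
        # newer build is not proof that the fix is absent.
        $verdict = 'Flag set but KB not listed: check Windows Update and update history'
    }

    [PSCustomObject]@{
        Computer        = $env:COMPUTERNAME
        KbInstalled     = [bool]$hotfix
        InstalledOn     = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        AvCompatFlagSet = $avReady
        Verdict         = $verdict
    }
}

Test-MeltdownPatchState | Format-List
```

A "blocked" verdict points to the antivirus vendor, not Windows Update, as the thing to chase.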

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome that will also include mitigations is expected on January 23, with other browsers following suit. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Haber Group, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 866.625.3560.

 
