Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a far smaller sacrifice than was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that a fix would take a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. To confirm this, go to Settings > Update & Security and see whether any updates are waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported. The patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.
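The same check can be scripted. The PowerShell below is an added example, not part of the original post: it looks for the KB named above and for the registry flag that antivirus products set to tell Windows Update they are compatible. The function name `Test-MeltdownPatchState` is made up for this example; the registry key and value name are the ones Microsoft documented for the January 2018 updates.

```powershell
# Added example (not from the original post).
function Test-MeltdownPatchState {
    [CmdletBinding()]
    param(
        # KB number named in the article. Later cumulative updates supersede it,
        # so a fully updated PC may no longer list this exact KB.
        [string]$HotFixId = 'KB4056892'
    )

    # 1. Is the security update in the installed-update list?
    $hotfix = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue

    # 2. Has the antivirus set the compatibility flag that Windows Update
    #    looks for before it offers the patch?
    $keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $valueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
    $avFlagSet = $false
    if (Test-Path -Path $keyPath) {
        $props = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            $avFlagSet = $props.PSObject.Properties.Name -contains $valueName
        }
    }

    # Turn the two findings into one line an administrator can act on.
    if ($hotfix) {
        $status = "$HotFixId is installed"
    }
    elseif ($avFlagSet) {
        $status = "$HotFixId not listed; antivirus flag is set, check Windows Update"
    }
    else {
        $status = "$HotFixId not listed; antivirus flag missing, Windows Update will not offer it"
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        HotFixId     = $HotFixId
        Installed    = [bool]$hotfix
        InstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        AvFlagSet    = $avFlagSet
        Status       = $status
    }
}

Test-MeltdownPatchState | Format-List
```

Run it in a PowerShell window on the PC being checked; reading the update list and the registry key does not change anything on the machine.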

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Haber Group, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 866.625.3560.

 
