As you may have seen in the news, last week the technology world was shaken by the disclosure of two vulnerabilities in modern processors, known as Meltdown and Spectre. These vulnerabilities are unusual, in that they target the CPU directly, which means that the operating system is not the source of the problem. In other words, any server, PC, mobile, or embedded device running an affected processor is vulnerable and will need to be patched.
Though these vulnerabilities are unusual in some ways, Meltdown and Spectre are similar to other vulnerabilities in the ways that they can be exploited. To exploit these vulnerabilities, an attacker must execute malicious code on a vulnerable system, via such means as an email attachment, browser plugin, or document macro. This means that normal digital hygiene practices apply very well to this situation.
To eliminate your exposure to these vulnerabilities, be sure to stay current on security patches for all network connected devices; including servers, PCs, and also network printers, firewalls, etc. Patches have already been released by Microsoft for Windows 10, and by Apple for Mac OS and iOS. Microsoft will be releasing patches very soon for the other supported versions of Windows, and other vendors are already rolling out patches, as well.
In addition to operating system updates, PC and Server hardware manufacturers have released their own patches that cannot be installed via typical operating system update procedures. These updates can be obtained via the manufacturer’s website and installed manually. Some manufacturers have their own automatic update mechanisms. For example, if you have a Dell PC running the Dell Command Update client, then you will automatically receive a notification when a BIOS update is available.
If you have any questions or concerns about your network security, please don’t hesitate to email us at [email protected] or call us at 541-342-5531.