301-571-5040    Get SUPPORT

Washington Works Blog

Washington Works has been serving the Bethesda area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Washington Works, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 301-571-5040.

Tip of the Week: Putting Your Old Android Device t...
According to Study, Only 28% Utilize Two-Factor Au...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 23 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Cloud Best Practices Business Computing Malware Hackers Privacy Network Security Business Software Microsoft Backup Email Productivity Ransomware User Tips Mobile Devices Android Smartphone Google Windows 10 Managed IT Services Internet Computer Managed Service Provider Office 365 Efficiency Small Business Encryption Business Continuity Business Management IT Services Hosted Solutions Social Media Communication Tip of the week Outsourced IT Remote Monitoring Work/Life Balance Smartphones Hardware Workplace Tips Productivity Cloud Computing Data Management Browser Data Recovery Money Facebook Virtual Reality Server Windows 10 Disaster Recovery Risk Management How To SaaS Paperless Office Government IT Management Password Word Phishing Save Money App Antivirus Apps IT Support Holiday Windows Hosted Solution Big Data Innovation Cybersecurity Unified Threat Management Business Technology Websites Chrome Botnet Automation Wi-Fi Infrastructure Scam Twitter Physical Security Hacker Collaboration Vulnerability Computer Care Mobile Device Robot Office HIPAA BYOD Data Security Training Mobile Security Telephone Systems Recovery Server Management Saving Money File Sharing Virtual Private Network Artificial Intelligence Firewall Two-factor Authentication Automobile Alert Bandwidth Data Document Management Health Tech Support Samsung Data Backup Computing Managed IT Services Taxes Politics Employer-Employee Relationship Maintenance Upgrade IT Consultant Analytics Microsoft Excel Supercomputer Sports Virtualization Touchscreen Cooperation IT Support Meetings Corporate Profile Tablet Wireless Outlook Lenovo Internet of Things IT Budget Search Staff Administrator Cabling Webcam WannaCry Comparison Shortcut Superfish Education Firefox Blockchain Machine Learning Digital Payment Black Market Cortana Gmail Passwords Point of Sale Monitors Specifications Crowdsourcing Staffing Patch Management IBM Cleaning Vendor Management Permissions Relocation Heating/Cooling Wearable Technology Disaster Printer Data loss Black Friday Network Personal Information Microsoft Office Networking Customer Relationship Management Fraud Private Cloud Update Servers Downtime Uninterrupted Power Supply Access Control Web Server YouTube Cyber Monday WiFi VPN Quick Tips Error Remote Computing IT Solutions Applications SharePoint Cameras Settings Smart Technology GPS Computer Repair Google Drive Hotspot Communications Chromebook Processors Upgrades Mobile Device Management Statistics IT Technicians Cybercrime Solid State Drive Downloads CCTV Digital Distributed Denial of Service Law Enforcement Tracking Mail Merge Techology VoIP Language Bluetooth Mirgation Hard Disk Drive Multi-Factor Security Spyware Managed IT Service Gadget Augmented Reality Address Unified Threat Management Avoiding Downtime Computing Infrastructure Emoji Travel Google Calendar G Suite Break Fix Electronic Medical Records User Error Budget Time Management Alerts Gadgets Legislation Motion Sickness How To Dark Web Identity Theft Legal Network Management Licensing Office Tips Mouse Notifications Social Managed IT VoIP Presentation Wireless Technology 5G Marketing IP Address Website Customer Service Mobile Office Domains Hard Drives Spam Public Speaking Lithium-ion battery Safety The Internet of Things CrashOverride Hiring/Firing Competition Fun Emergency Users Miscellaneous