301-571-5040    Get SUPPORT

Washington Works Blog

Washington Works has been serving the Bethesda area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Washington Works, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at 301-571-5040.

Tip of the Week: Putting Your Old Android Device t...
According to Study, Only 28% Utilize Two-Factor Au...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, July 21 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Cloud Business Computing Privacy Malware Hackers Software Network Security Email Business Internet Managed IT Services Backup Mobile Devices Tech Term Ransomware Computer Microsoft Productivity User Tips Google Hosted Solutions Data Recovery Smartphone Data Backup Android Managed Service Provider Productivity Data Management Social Media Windows 10 Encryption Business Continuity IT Services Paperless Office Office 365 Efficiency Cloud Computing Small Business IT Support Browser Communication Outsourced IT Business Management Remote Monitoring Hardware Data App Innovation Cybersecurity Server Facebook Disaster Recovery Tip of the week Infrastructure Government BYOD Smartphones Work/Life Balance Bandwidth Workplace Tips Save Money Windows Compliance Holiday Managed IT Services Big Data Employer-Employee Relationship Hosted Solution Unified Threat Management Money Chrome Windows 10 Virtual Reality Applications BDR Risk Management How To Vulnerability SaaS IT Management Password Word Saving Money File Sharing Artificial Intelligence Chromebook Two-factor Authentication Phishing Document Management Antivirus Internet of Things Apps Samsung G Suite Blockchain Identity Theft Gmail Computing Regulations Taxes IoT Politics Maintenance Business Technology Websites HIPAA Botnet Mobile Security Wi-Fi Automation Smart Technology Passwords Patch Management Vendor Management Scam Physical Security Hacker Data loss Customer Relationship Management Mobile Device Collaboration Twitter Office Computer Care VPN Robot Telephone Systems Data Security Storage Server Management Training Virtual Private Network Recovery Remote Computing Firewall Automobile Alert Tech Support Health The Internet of Things Service Level Agreement Staff Emoji Time Management Comparison Budget Gadgets Vulnerabilities Travel User Error Connectivity Electronic Medical Records Utility Computing How To Network Management Specifications Geography Motion Sickness Managed IT Permissions Legal Upgrade Supercomputer Healthcare Office Tips Wearable Technology Analytics Printer Virtualization Notifications Touchscreen Black Friday Social IT Support High-Speed Internet Social Networking IT Consultant Star Wars Outlook Fraud Wireless Sports Corporate Profile IT Budget Management Lenovo Search Access Control Cyber Monday VoIP Cabling Development Meetings Motherboard Cost Management Shortcut WannaCry Digital Payment Enterprise Resource Planning Administrator Superfish Firefox SharePoint Cortana Cables Webcam Education Assessment Machine Learning Hotspot Monitors Staffing Downloads IBM Mobile IT Technicians Black Market Router Crowdsourcing Heating/Cooling Distributed Denial of Service Disaster Wires Point of Sale Network Cleaning Internet Exlporer Relocation Language Microsoft Office Multi-Factor Security Company Culture Networking Mirgation Modem Servers Managed IT Service Personal Information Uninterrupted Power Supply WiFi Value Private Cloud Computing Infrastructure Update YouTube Website Quick Tips Google Calendar Managing Stress Downtime Web Server Cookies IT Solutions Break Fix GPS Professional Services Error Alerts Settings Google Drive Legislation Spam Enterprise Content Management Chatbots Cameras Nanotechnology Upgrades Statistics Dark Web Mobile Device Management Computer Repair Solid State Drive Tracking USB Communications Mail Merge Licensing Digital Processors VoIP Mouse Unified Communications Cybercrime Techology Identity CCTV Screen Reader Law Enforcement Bluetooth Microsoft Excel Hard Disk Drive Dongle Address Cooperation Augmented Reality Spyware Avoiding Downtime Tablet Bring Your Own Device Unified Threat Management Smart Tech Gadget CrashOverride Hiring/Firing Competition Emergency Fun Users Miscellaneous Presentation 5G Wireless Technology Marketing IP Address Managed Service Customer Service Mobile Office Domains Hard Drives Public Speaking Lithium-ion battery Safety