Meltdown and Spectre CPU Flaw
What You Need to Know
Some computer security issues are rather isolated, confined to a single operating system or an obscure piece of software. Others are more widespread, affecting millions of users and spanning the entire globe.
The newly discovered Spectre and Meltdown CPU flaws clearly belong in the latter category. Unlike some other security flaws, which were fairly limited in scope, the impact of the Spectre and Meltdown vulnerabilities could not be larger or more far-reaching.
What is the Flaw and Which Systems Does It Impact?
As a business owner or manager, it is important to have the right information, so a look at the CPU flaws and what they entail is a good place to start.
The sheer scope of these two CPU vulnerabilities is breathtaking. Experts estimate that some 90% of computers are impacted by the two bugs, including just about every desktop, laptop and server manufactured over the last 10 years.
If your business uses any type of computer, chances are you could be affected by the Spectre CPU flaw, the Meltdown vulnerability, or both.
Impact Varies Widely
While just about every computer system released during the last decade is affected in some way, the exact nature of the impact varies widely.
Some businesses, particularly cloud providers and the operators of server farms, could experience severe disruptions to their operations, while others may be largely unaffected.
Now of course, that doesn’t mean businesses should not be concerned with patching their systems and researching the impact of the Spectre and Meltdown CPU flaws. It just means that not every business will be impacted to the same level.
The impact on your business will depend on a number of different factors, including the type of hardware you use, how diligent you are about updating your servers and operating systems and the size of your computer workload.
What Makes These Vulnerabilities Different?
Security holes and computer vulnerabilities are nothing new – they have been around for decades.
What makes Meltdown and Spectre different is the nature of the flaw. Unlike software-based vulnerabilities, Meltdown and Spectre reside in the computer’s hardware, in something called the kernel.
Without getting too technical, the kernel is a key part of the system, and it is something that laptops, desktops and servers all share.
The kernel vulnerabilities known as Meltdown and Spectre exist regardless of operating system – machines running Windows, Linux, iOS, macOS and Android are all affected. So are iPhones, Galaxies and Google smartphones.
If your business has adopted a Bring Your Own Device (BYOD) policy, you need to take immediate steps to secure these vulnerable mobile devices.
Everyday Users vs. Business Owners
For everyday users, the Spectre and Meltdown vulnerabilities are worrying, but probably not catastrophic. It would take a sophisticated hacker to read and interpret the kernel-based passwords and other private information the CPU flaw could reveal.
Everyday home users should do what they have (or should have) been doing all along – patch their systems, turn on automatic operating system updates, create strong passwords and run robust antivirus and antimalware software.
Those users should still avoid clicking on unknown links and opening unexpected documents, and they should apply the Meltdown and Spectre CPU fixes as soon as they become available.
For businesses, the implications of the Spectre and Meltdown CPU flaws could be far more severe.
Since the vulnerability could make things like server passwords visible to hackers, a single intrusion could provide cyber criminals with unfettered access to the business and all its servers, workstations and connected devices.
Expert Help for Your Spectre and Meltdown Issues
The most important thing to know about the newly uncovered Spectre and Meltdown CPU flaws is that business owners should not attempt to fix them on their own.
The nature of this new vulnerability means that a simple software patch may not be enough to plug the security holes and keep affected systems safe.
The widespread nature of Meltdown and Spectre CPU flaws also means that every vendor using Intel chips will need to respond by providing a robust solution.
That response will likely come in the form of a combination of patches and firmware.
Every piece of computer equipment your business uses, including Android and Apple smartphones, laptops, desktops and even servers, will need to be patched.
Meltdown and Spectre Solution Center
At Ontech Systems, we want to be your Meltdown and Spectre solution center. We know the problem is confusing and frightening, and we can help you assess your risk and patch your systems.
If you are already a Managed Services client, your business will be getting all the necessary updates automatically. This urgent update will be automatically pushed to any system running the Windows 10 operating system.
If you are not yet a client, give Ontech Systems a call at (262) 522-8560. We can assess your vulnerabilities, provide a solution and keep your business safe. This new security flaw is different from others, and far more serious.
While every major operating system is affected, Windows XP, Windows 7 and Windows 8.1 are all vulnerable and may take longer to receive updates. Windows XP may not even get an update at all since it is no longer supported.
Ontech Systems will be providing their Managed Services clients with additional information in the days and weeks to come. We will be providing further updates on the vulnerability and its impact, and pushing out updates to affected operating systems.
If you have any further questions or concerns about Spectre and Meltdown, feel free to give Ontech Systems a call at (262) 522-8560.