Meltdown and Spectre – Everything You Need to Know About the Recent CPU Vulnerabilities

January 12, 2018 9:16 am Published by Leave your thoughts

You may have seen recent news articles advising of flaws in Intel, AMD and ARM processors. These flaws have been affecting companies and cloud providers worldwide, so you’re probably wondering what this is all about and if you and your business will be affected?

Nearly all computers across the globe and many other devices have been exposed to these security flaws – leaving them vulnerable to attacks by hackers. So essentially, almost every business is impacted by this problem – including yours.

These flaws impact nearly every computer chip manufactured in the last 20 years and pose a very real risk to security and data for companies worldwide as well as all cloud providers including Amazon, Google and Microsoft.

In fact, the flaws are so widespread and fundamental that they’ve been labelled as catastrophic by many security researchers.

So, lets delve into exactly what’s going on and what you need to know.

The CPU Vulnerability Explained

With this very real vulnerability out there that’s now also publically known, it’s important to know exactly what we’re dealing with.

What are these flaws and what do they do?

Two separate security flaws have been identifiedMeltdown and Spectre.

These vulnerabilities can be taken advantage of by hackers in various ways. Both flaws make it possible for attackers to access the memory of your PC, laptop or smartphone containing the vulnerable chips. Spectre can also be exploited over the internet simply by visiting a website that’s running malicious code.

But how did these flaws get there in the first place?

These flaws have arisen from built-in chip features which help them run faster. Because of this, patches designed to ease the problem have impacts on system performance.

So essentially, the flaws have always been there. The fact that the flaws are fundamental to the hardware platforms makes this a difficult issue to crack. Even previously secure code is vulnerable. That’s because the underlying security processes we assumed were built into the code and all computer programming has been shown to be false.

How Big is The Problem?

There’s no denying that this is a very big problem for all affected chip manufacturers, who are now scrambling to put out their respective patches. But despite the catastrophic warning bells being sounded, thankfully no data breaches have been reported, and no evidence is currently present showing that this vulnerability has been exploited.

However, now that this problem has been made public, there are growing concerns that the bugs could be taken advantage of, and unfortunately, exploits of these vulnerabilities would be hard to detect – making these flaws particularly worrisome for all PC, smartphone and web users.

What’s Being Done About the Problem?

Some say that the only true way to fix this problem is to replace the chips, but as this solution is obviously impractical, updates and patches are being rolled out instead by all leading tech manufacturers.

However, as patches are being rolled out, some side effects and performance issues are arising as a result. These patch issues have impacted operations and responsiveness for many businesses and users are likely to experience more system slowdowns to come.

How to Protect Against This Vulnerability

Proactively implementing updates and patches is currently the best way to be protected from these flaws. Critical security patches must be applied as soon as possible to keep your company protected and to ensure any personal data is safeguarded.

So how do you get the security patches you need?

If you have support and maintenance (Managed services) agreement with Cymax, updates are being rolled out as they are made available (and tested)!
However, if you don’t have our support and maintenance services in place, it’s your responsibility to make sure these updates are applied.

Click here to view a complete list of fixes currently available from leading tech manufactures.

But beware of fake meltdown and spectre patches. Cyber attackers have been quick to exploit these flaws in the form of fake updates, so take caution if a supplier makes direct contact urging your organisation to apply an update. You can avoid this risk completely by letting out team at Cymax to organise the updates for you.

Performance Issues After Installing the Patch

We understand how frustrating a slowdown of your system can be. As this is a critical security patch that must be applied, unfortunately, there’s no way to avoid any potential performance issues that may result.

If you’re experiencing issues following the installation of a critical security patch, please be aware that we’re unable to anticipate how much this will slow down your operations, and there’s no way for us to control the slowness that may occur as a result of the patch.

But once the security update has been applied, and the speed impact is known, our architecture engineers will be working with Microsoft and Intel to restore any identified responsiveness to a nominal state where possible. At Cymax we take the security of your data very seriously which is why we proactively take this action for you – to ensure the security of your data and your business.

 

At Cymax, we’re always here to help, so if you have any further questions about these patches or about this vulnerability in general and how it could impact your business, please get in touch.

Leave a Reply

Your email address will not be published. Required fields are marked *