Meltdown & Spectre Bugs: What I need to know | Correct Group

Meltdown & Spectre Bugs: What I need to know

| | About IT Solutions, Cyber Security

A serious design flaw by Intel, the manufacturers of the chips at the heart of most workstations and servers, is allowing access to sensitive data (like passwords, emails or open documents) held in your computer’s RAM.

Meltdown and spectre bugs

What is Meltdown and who is affected by it?

Meltdown is a vulnerability in hardware that allows malicious, un-authorised access to all of the hardware’s memory. Most Intel chips manufactured since 1995 are affected by Meltdown due to a design flaw. This means that most computers are at risk. At this moment, it is unclear how many AMD and ARM processors are also affected by this exploit.

What is Spectre and who is affected by it?

Spectre is a vulnerability affecting microprocessors that perform branch prediction, which results in them revealing private data to attackers

Almost every desktop, laptop, server and smartphone has the design flaw that makes it vulnerable.

What can we do?

Meltdown: Microsoft has already released a patch to address what they can from a Software point of view. This is automatically being rolled out to Correct Group’s IT support clients as part of our service. It works by creating a stronger wall around the software Kernel, but this is at a performance cost, which varies from 5%, to as much as 30%. However, it is generally accepted that this slowdown is better than the alternative – a compromised system!

Spectre on the other hand is not likely to be fixed as quickly. Microsoft have already released a patch which addresses some of the areas of the exploit, but it is thought that a permanent fix will only be possible with a physical change to the architecture of the affected chips – and this means a new CPU!

What next?

If you are a Correct Group client, rest assured that our patching process will deploy the most up to date critical patches to your Windows Servers and Workstations automatically. Security researchers are constantly working on creating the most optimally effective solutions (read here for more information on these developments).

If you are concerned about Meltdown and Spectre and would like to discuss it further with our computer technicians, please do call us and we’ll be happy to go through it in more detail with you.

If you are not a Client and would like some help with this, please get in touch here and we’ll work out a suitable remediation plan for you!

 

« »
Contact Us