As you may or may not be aware from the mass media, security researchers have discovered a new vulnerability in computer processors. The Meltdown and Spectre vulnerabilities as they have been called affect almost every computer processor.
The nature of the vulnerability is technically very complex and will not be covered in this post, however, the practical implications must be considered by us all.
There is a lot of information (and misinformation) in the media at the moment, so I have taken the time to summarise the key points:
- This vulnerability allows attackers to access areas of your computer/server previously thought to be protected (encryption keys, passwords, private browsing data).
However, there are currently no reports of this vulnerability being used to carry out attacks to date. - This vulnerability has the potential to affect computers/servers with Intel, AMD, and ARM processors.
- This vulnerability affects Microsoft, Linux, iOS, Android, MacOS, and Chrome operating systems.
- In the very short term, Sophos and Microsoft have released patches, and these patches will be tested and rolled out by First Stop IT to our clients.
- Once system manufacturers such as HP release firmware updates, we will test and roll out these updates as well.
Please note – only devices within manufacturer support will receive firmware updates – HP devices require an active warranty to be eligible for HP updates.
Please note, it has been reported that these patches may slow systems down. We currently have no data to either support or deny these claims, however, it is something that should be expected and pre-empted.
Please don’t hesitate to contact us with any questions, or if you would like more details surrounding the technicalities of the vulnerabilities.
We will, of course, keep you posted with any pertinent updates on the Meltdown and Spectre vulnerabilities as we are made aware of them, however, if you have any questions or want to pick my brains in the meantime please don’t hesitate to contact us.