ct logo wslogan

i-medIT Blog

At i-medIT, we provide a comprehensive range of computer and technology solutions to small business owners and Ambulatory Health Care entities. We specialize in helping companies focus on their business by leveraging IT to serve their goals and objectives rather than being a distraction.
Customers come to us for managed services, healthcare IT, project management, IT consulting, HIPAA Compliance, PCI Compliance, server virtualization, and data backup. These core services help our customers run their own companies and take their business goals to the next level.

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like i-medIT are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to i-medIT at 630-549-6199.



No comments made yet. Be the first to submit a comment

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Google Hackers Business Computing Microsoft Cloud Backup Innovation Small Business Email Smartphones Efficiency Malware Software Hardware Android Business Cybercrime Ransomware VoIP Data Backup Windows Mobile Devices Data Network Security How To Business Management User Tips Internet Business Continuity Social Engineering Cybersecurity Cloud Computing Browser Managed IT Services Computers Chrome Mobile Device Management Productivity Spam Social Media Gadgets Data Breach Upgrade Data Security Vulnerability App Telephone Systems Smartphone Money Internet of Things Computer Two-factor Authentication Law Enforcement Outsourced IT Alert Windows 10 Collaboration Managed IT Services Data Recovery Server Automation Communication Disaster Recovery Safety Bring Your Own Device Phishing Operating System Miscellaneous Apps The Internet of Things BYOD Virtualization Office 365 Communications Bandwidth Hosted Solutions Word Router Government Downtime Windows 10 BDR Recovery Data Protection Quick Tips VPN Data Storage Redundancy Avoiding Downtime Comparison IT Management Saving Money Network Internet Exlporer OneNote Data storage IT Plan Remote Monitoring Artificial Intelligence Physical Security Business Intelligence Save Money Unsupported Software Private Cloud Passwords Update Google Drive Gmail Wi-Fi Public Cloud CES Spam Blocking Workforce Frequently Asked Questions Hybrid Cloud Cortana webinar Start Menu Google Docs Computer Care Content Management Windows 10s Meetings Files Telecommuting Networking Excel Monitor PDF Google Apps Conferencing Tools Hiring/Firing Blockchain Office Website Samsung Going Green Uninterrupted Power Supply History Remote Work IBM Tip of the week Patch Management Black Market NarrowBand HBO Data Management Employer-Employee Relationship Emails HIPAA Solid State Drive Relocation Voice over Internet Protocol Value Password Office Tips Data loss Identity Theft Supercomputer Windows Server 2008 Scam Managed IT Wireless Technology Workers Human Resources Audit Cleaning Sports Screen Mirroring User Error Credit Cards Budget Windows 7 Botnet Infrastructure Staff Computer Fan Multi-Factor Security HaaS Tech Support Robot IT Services Cast Fraud Flash Travel Password Manager Netflix Reputation Shadow IT FENG Apple Trending Holiday Laptop End of Support Amazon Current Events Chromecast Business Mangement IT Support Customer Digital Signature iPhone Touchpad Flexibility Internet exploMicrosoft Amazon Web Services Knowledge Sync Marketing Recycling Hacking Encryption Managed Service Provider Specifications Advertising Online Shopping Network Congestion Automobile DDoS eWaste Settings Accountants Legal Outlook Evernote IT Consultant Telephony Productivity Work/Life Balance Criminal Root Cause Analysis Health Millennials Big Data Keyboard Humor YouTube Software Tips Wireless Charging Skype Electronic Medical Records Charger Microsoft Office Facebook Mobile Device Books Experience Save Time Video Games Emergency Music Battery Scalability Employer Employee Relationship Education Information Technology Content Workplace Tips Computer Accessories Computing Infrastructure Webinar Loyalty Audiobook Techology Instant Messaging Transportation Bluetooth Applications IT solutions SaaS Entertainment Benefits Users Wireless IT Support Firewall Worker Virtual Reality Assessment Wearable Technology Remote Computing Smart Technology Rootkit Worker Commute Television USB Risk Management Mobility Search Two Factor Authentication Training CrashOverride Thank You Public Computer Troubleshooting Politics How to Vendor Management Congratulations Best Practice WiFi