We have been covering the Meltdown and Spectre vulnerabilities since they came to light a couple of weeks ago. These bugs, present in almost every computer processor, arise from the way they use predictive “out of order” instructions. Most processors from Intel, AMD and ARM have the faults – and Intel seems to be worst affected.
Meltdown and Spectre Update
The spectre and meltdown vulnerabilities enable attackers to steal information from within memory which is being used by other programs or the operating system itself. For example, malicious code in one web page could collect information, such as passwords, from another website in another browser tab.
There are in fact three separate vulnerabilities.
- The first, called “bounds check bypass” (CVE-2017-5753), needs a firmware update to mitigate the risk.
- Spectre, The second vulnerability, “branch target injection” (CVE-2017-5715) can be fixed with a firmware update or mitigated in software.
- Meltdown, “rogue data cache load” (CVE-2017-5754) needs an operating system patch.
Meltdown and Spectre: Are you vulnerable?
By now, most PCs will have been updated with patches to protect them. If you are not sure whether or not your PC is vulnerable, software is available to check. Your Hull IT Support company will be able to check all of your business PCs to ensure you are safe. Some PCs need their antivirus software updating first, as it blocks the software update to patch the meltdown and spectre vulnerabilities.
As a rule of thumb, the older your machines, the more vulnerable they are likely to be – combined with the performance hit associated with the patches, it may be time to upgrade your business PCs. Contact a Hull IT support company to get a price for bespoke business computers.
Is My Web Browser at Risk?
The most likely way for a Spectre or Meltdown attack is via your web browser, and so browser companies are updating their software. It’s always important to keep your browser up to date, especially now. You could ask your Hull IT Support provider to enable “site isolation” if you use the Chrome browser. It offers a second line of defence against such attacks. It keeps pages from different websites in different “sandboxed” processes.
How Much Risk is There, Really?
The initial reports of Meltdown and Spectre were apocalyptic, but because the bugs were secretly disclosed in June, patching is now well under way. Most careful users of modern PCs should not have much to worry about… but the risk of Spectre malware cannot be underestimated.
Digitalquill – Experts in IT Security
If you are not sure how to upgrade your software or hardware, or your computer needs replacement, call our Hull business IT Support Team today to find out more about our affordable Hull IT Support solutions.