Technology – Security Issue Impacting Most Electronic Devices – Meltdown and Spectre

Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on networks, including workstation and servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they may be able to get access to your passwords stored in a password manager or browser, your emails, instant messages, and documents.

The more severe vulnerability, Meltdown (CVE-2017-5754), appears isolated to Intel processors developed in the last 10 years. Spectre (CVE-2017-5715 and CVE-2017-5753) on the other hand, theoretically affects all processors that use speculative execution, including most modern processors manufactured by Intel, AMD, ARM and potentially more.

From a quick read of the many articles, mitigation will require OS patches and firmware updates from Intel, AMD, Arm, etc. For Microsoft, the patch is dependent on having an approved AV application running that sets a compatibility registry key that Microsoft updates will reference. Windows Defender and Microsoft Security Essentials are of course approved and can be used if nothing else is available.

Below are links to information for Microsoft, VMware, Apple, and AWS.

Microsoft Information

Windows Clients Impacted and Will be Patched

  • Windows 10 (RTM, 1511, 1607, 1703, 1709)
  • Windows 8.1
  • Windows 7 SP1

Windows Servers Impacted and Will be Patched

  • Windows Server 2008 R2 Service Pack 1
  • Windows Server 2012 R2
  • Windows Server 2016

Apple

VMWare (5.5, 6.5)

AWS

Advertisements

What do you think about this post?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s