Meltdown and Spectre Cyberbugs: Hype and Reality
Bottom Line About Meltdown and Spectre Bugs
Meltdown is a potential Intel processor cybersecurity vulnerability and Spectre is a AMD processor cybersecurity vulnerability. Google’s Project Zero discovered the flaws last year and reported to Intel and AMD, but just published their findings on Wednesday. The vulnerabilities could allow hackers to access stored data, including passwords and other sensitive information — on desktops, laptops, mobile phones and cloud networks around the globe. At this time, these hardware flaws can only be partially mitigated by operating system updates and hardware manufacturer updates.
Apple states that it will soon release a new version of its Safari web browser, as well as update for iOS, macOS, tvOS, and watchOS to limit the threat of the vulnerabilities.
According to the Washington Post Apple Meltdown and Spectre Vulnerability, Apple confirmed that all Mac systems and iOS devices are affected, but that no known exploits have impacted its customers. Microsoft also stated that the process of deploying mitigations to cloud services had begun including releasing security updates on January 3 to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, Arm, and AMD. At present, there are no reported exploits for Windows devices either.
While Macs still have less than 5% of the PC market, iPhones are often the most popular smartphone (especially in the U.S.). Unfortunately, Apple users continue to believe they are somehow not at risk to cyberattacks and the press is heavily publicizing to raise awareness.
These vulnerabilities will continue to be a concern for some time, but purported “worst security flaw in history” is unnecessary hysteria. Most cybersecurity experts are also asking for Google to provide coordination and advice on fixing researched, vulnerabilities rather than bashing competitors and causing public panic.
Practical Actions and Risks
Matrixforce was notified by Microsoft on Thursday morning and is currently testing Dell firmware and Windows updates on workstations and servers. There are vague reports with no listed source of potential 30% slow-down in systems after applying hardware firmware updates and software updates. However, no performance issues have been noticed on workstation or server systems with applied updates.
System Administrators can run the following PowerShell commands before and after applying manufacturer and Windows updates:
As part of normal System Assurance, Windows updates will be applied to servers and workstations in standard maintenance windows through the end of the month. Hardware firmware updates for servers will be scheduled as needed and any general PC updates should include applying any hardware BIOS and firmware updates for Dell and other manufacturers.
To protect your device from security related flaws:
- Install any firmware updated for your phone, tablet, or PC from the manufacturer
- Enable Windows updates and verify you have the January 2018 update using the Windows Update: FAQ.
- Ensure that your anti-virus is updated.
- Enroll staff in Overwatch Cybersecurity Tips for on-going education and diligence to protection your customers.
While the press has sensationalized this security information, there are no known vulnerabilities now. However, it’s always prudent to remain vigilant and follow good security habits. Watch for further updates on these vulnerabilities in the next few months.