Meltdown & Spectre: What You Need to Know

Home|Network Security, Sophos|Meltdown & Spectre: What You Need to Know

Meltdown & Spectre: What You Need to Know

Meltdown & Spectre

MeltdownMELTDOWN

The vulnerability basically melts security boundaries which are normally enforced by the hardware, instructions they shouldn’t be able to, granting access to sensitive information in other applications’ memory space. This means that the sensitive information your computer is holding could potentially be accessed by anyone that can execute code on the system.

SpectreSPECTRE

Why is it called Spectre? Well, it’s going to haunt us for a while. It tricks processors into executing instructions they shouldn’t be able to. This makes it possible to gain access to sensitive information in the memory of other applications. On top of that, it’s not easy to fix.

Am I Affected?

Yes, almost certainly.

Q. WHAT INFORMATION IS VULNERABLE?

A. Sensitive data stored on the system, such as user-names, passwords, credit card numbers, private customer/patient records, etc.

Q. WHO IS AFFECTED BY THIS VULNERABILITY?

A. Desktop, Laptop, and Cloud computers can be affected by Meltdown. This issue applies to nearly every Intel processor since 1995. Some AMD and ARM processors are also affected. Desktops, Laptops, Cloud Servers, Smartphones, they all can be affected by Spectre. Really all modern processors are potentially vulnerable, specifically Intel, AMD, and ARM processors.

Should I Panic?

THE BAD NEWS

1. FIXES CAN CAUSE PERFORMANCE HIT

For some, the impact may not be noticeable, however, others may experience as much as a 40% slow down.
– Users with Windows 10 will see less of an impact. Upgrading to Windows 10 may help.
– Upgrading your computer or processor may also help counter performance issues.

2. NO PERMANENT FIX EXISTS AT THIS TIME

A permanent fix will come in the form of Intel releasing a new chip. They have not announced when that may be.

3. YOU WON’T KNOW IF YOU’VE BEEN EXPLOITED

The exploitation does not leave any traces in traditional log files, making it unlikely that you’ll know if you’ve been exploited.

4. ANTIVIRUS SOFTWARE PROBABLY WON’T HELP

Meltdown and Spectre are sneaky. They are hard to distinguish from regular applications that don’t post a threat.

THE GOOD NEWS

1. THERE ARE TEMPORARY FIXES AVAILABLE

There are updates and patches that can protect against Spectre and Meltdown.

2. MELTDOWN & SPECTRE CAN’T CRASH SYSTEMS

Unfortunately, some fixes can.

3. THERE ARE NO KNOWN EXPLOITS…YET

At this time there are no known exploits associated with Meltdown & Spectre so there’s still time to protect your business.

4. LES OLSON COMPANY CAN HELP

If you’re overwhelmed by Meltdown & Spectre, Les Olson Company’s I.T. Experts can help you determine whether fixes have already been applied and can help mitigate performance issues that can be associated with fixes.

Get a Security Consultation

Get a Free Network Analysis CTA

By | 2018-03-23T09:35:09+00:00 March 23rd, 2018|Network Security, Sophos|