crn5000-inc2015 BPTW logo
Contact us today!
(918) 770-8738
 
 

Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Integrated Business Technologies, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (918) 770-8738.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 22 October 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      freeconsultation
       

      Tag Cloud

      Security Technology Tip of the Week Privacy Managed Service Provider Business Management Internet Cloud Microsoft Business Computing Best Practices Saving Money Productivity Workplace Tips IT Services Hosted Solutions Hackers Backup Email Malware Business Software Mobile Devices Data IT Support Network Hardware Small Business Communication Server Smartphones Computer VoIP Upgrade Business Continuity Google Windows Efficiency Disaster Recovery Mobile Device Management Innovation Microsoft Office Virtualization Data Backup Tech Term Outsourced IT Miscellaneous Mobile Office Vendor Management Holiday Gadgets Social Media Quick Tips Passwords BYOD User Tips Network Security Smartphone Browser Mobile Computing Android Windows 10 Productivity Internet of Things Managed IT services WiFi Bring Your Own Device Remote Monitoring Data Recovery The Internet of Things Ransomware Best Practice Spam Wireless Technology Alert Data Management Save Money Trending Operating System Apple Users Remote Computing Artificial Intelligence Unified Threat Management Gmail Office Collaboration Going Green Encryption Firewall Content Filtering Customer Relationship Management History Cloud Computing Managed IT Router Big Data Printer Tech Support Analytics IT Support IT Solutions Lithium-ion Battery Facebook Information Technology Current Events IT Consultant App Windows 8 Employer-Employee Relationship Website Applications Humor Two-factor Authentication Saving Time Avoiding Downtime Antivirus Phishing Maintenance Document Management Hard Drives Mobile Device Paperless Office VPN Business Growth Risk Management Wi-Fi Marketing Customer Service Hacking Excel Computers Phone System Government Managed IT Services Compliance Apps Application Automation Virus Office Tips Retail Bandwidth Project Management Fax Server Cybersecurity IT service Digital Payment Chrome Outlook Health PowerPoint Social Networking Unified Communications Tablet Data Security Office 365 Password Inbound Marketing iPhone Healthcare Infrastructure Administration Presentation Augmented Reality Budget Managed Service Proactive IT Training Computer Repair Regulations Point of Sale Mouse Files Recovery Money Help Desk Net Neutrality Running Cable Social User Error Licensing Co-Managed IT File Sharing Wearable Technology Conferencing IoT Robot Hiring/Firing Windows 10 Alerts Printing Display End of Support Tip of the week LiFi Computing Statistics Scam Intranet Competition Business Intelligence Network Congestion Recycling eWaste Downtime Remote Workers Search Piracy Vulnerability Virtual Desktop USB Business Owner Information Data loss Blockchain HIPAA Sports BDR Hacker User Programming Redundancy Company Culture Analyitcs Twitter Education Machine Learning Specifications Safety Settings Flexibility Hosted Solution IBM Internet Exlporer Storage Cost Management Mobility Smart Technology Wireless Data storage Cybercrime Save Time Mobile Security WPA3 Migration E-Commerce Public Cloud Downloads Hacks Documents Distributed Denial of Service Hotspot Halloween Networking Entrepreneur Vulnerabilities Adminstration Fleet Tracking 3D Chatbots Features PC Care Sync Multi-Factor Security Undo PDF Value People Star Wars Software Tips Managed IT Service 5G Language Scary Stories Virtual Reality Geography eBay Asset Tracking Remote Support Identity Electronic Health Records Leadership Mobile Device Managment Google Calendar Monitors Skype Streaming Media Utility Computing New Additions Break Fix Server Management Computing Infrastructure SaaS Techology Deep Learning Print Server High-Speed Internet Text Messaging OneNote Work Station Cyberattacks Legislation Domains Google Wallet Fun Writing LinkedIn Scheduling Congratulations Dark Web Video Surveillance Cooperation Chromebook Disaster Resistance Word Law Firm IT Development Windows 8.1 Update Employee-Employer Relationship Motherboard Read Only G Suite Public Speaking Drones Cortana Social Engineering Best Available Buisness Hard Drive Data Warehousing Patch Management Staff IT Consulting Identities Cables Modem Bookmarks Travel Software as a Service Backups Knowledge Environment CIO Cache Microsoft Excel Operations Politics Data Breach Solid State Drive Bluetooth Wires Online Currency Samsung Cookies Favorites Meetings Technology Tips Legal Experience Troubleshooting Debate Management Computer Accessories Virtual Private Network Telephony Technology Laws Heating/Cooling Alt Codes Consumers Monitoring Crowdfunding Nanotechnology Instant Messaging Macro Comparison YouTube Enterprise Resource Planning How To Permissions IT Technicians Unified Threat Management Typing MSP Screen Reader Identity Theft Black Friday IP Address Google Drive How To Mobile Assessment Fraud Gaming Console Touchscreen Mirgation Consulting Access Control Refrigeration Cryptocurrency Disaster Proactive Smart Tech Cyber Monday Google Docs Managing Stress IT Management Business Technology Managed Services Provider Private Cloud SharePoint Bitcoin Digital Signature Remote Monitoring and Management Memory Connectivity Laptop communications Enterprise Content Management Network Management

      Top Blog

      Basically, any machine that uses fans and vents to cool itself can overheat if airflow is restricted. If you have used a laptop on your lap for an extended session, then you know what we are talking about when the computer becomes hot to the touch. Every portable device is designed a little diffe...
      QR-Code