crn5000-inc2015 BPTW logo
Contact us today!
(918) 770-8738
 
 

Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Integrated Business Technologies, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (918) 770-8738.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 17 August 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      freeconsultation
       

      Tag Cloud

      Security Technology Tip of the Week Privacy Managed Service Provider Business Management Cloud Internet Microsoft Best Practices Business Computing Saving Money Productivity IT Services Workplace Tips Backup Hosted Solutions Hackers Email Malware Mobile Devices Software Business IT Support Hardware Small Business Data Network Communication Server Smartphones Upgrade VoIP Business Continuity Google Windows Computer Mobile Device Management Efficiency Disaster Recovery Virtualization Microsoft Office Innovation Miscellaneous Mobile Office Vendor Management Holiday Gadgets Social Media Outsourced IT BYOD Data Backup Quick Tips Tech Term Passwords Smartphone User Tips Mobile Computing Network Security Android Browser Internet of Things Windows 10 Managed IT services WiFi Bring Your Own Device The Internet of Things Spam Best Practice Ransomware Remote Monitoring Trending Operating System Apple Data Management Remote Computing Users Data Recovery Alert Wireless Technology Gmail Save Money Going Green Content Filtering Firewall Artificial Intelligence History Unified Threat Management Router Analytics Printer Tech Support IT Solutions Lithium-ion Battery Facebook IT Consultant Encryption Information Technology Big Data Current Events Office App Customer Relationship Management Managed IT Employer-Employee Relationship Humor Saving Time Antivirus Collaboration Avoiding Downtime Two-factor Authentication Document Management Cloud Computing Maintenance Hard Drives Paperless Office Productivity Applications IT Support Windows 8 Marketing Chrome Excel Managed IT Services Business Growth Wi-Fi Phone System Website Customer Service Hacking Computers Compliance Apps Cybersecurity Application Virus Bandwidth Mobile Device Fax Server Digital Payment Automation Outlook Office Tips VPN Retail Risk Management Health Phishing IT service iPhone Inbound Marketing Managed Service Government Administration Augmented Reality Office 365 Password Project Management Computer Repair Proactive IT Regulations Training Mouse Presentation Social Net Neutrality Budget Data Security User Error Co-Managed IT File Sharing PowerPoint Recovery Social Networking Unified Communications Money Infrastructure Tablet Running Cable Licensing Wireless Cybercrime Save Time Intranet Business Intelligence Scam Vulnerability Hiring/Firing Recycling Data loss Blockchain HIPAA BDR Statistics Redundancy Piracy Sports Files Competition Network Congestion Point of Sale Internet Exlporer Downtime Storage eWaste Twitter Smart Technology Company Culture Mobility Mobile Security Search Virtual Desktop USB Help Desk IoT Flexibility IBM Business Owner Hosted Solution Data storage Tip of the week Hacker Programming Wearable Technology User Robot Analyitcs Printing Education Display Alerts End of Support Safety Specifications LiFi Computing Settings Cost Management Memory Cables Patch Management Print Server Staff SaaS Text Messaging IT Consulting Deep Learning Google Wallet Remote Workers Modem Laptop G Suite Work Station Software as a Service Microsoft Excel Writing Congratulations LinkedIn Cache Wires Law Firm IT Operations Chromebook Video Surveillance Data Breach Documents Entrepreneur Drones Scheduling Windows 8.1 Update Cookies Halloween Travel Technology Tips Undo Social Engineering Buisness Best Available Management People Virtual Private Network 5G Technology Laws PDF Identities Backups Nanotechnology Scary Stories Comparison Enterprise Resource Planning How To Permissions CIO MSP Bluetooth IT Technicians Telephony Unified Threat Management Solid State Drive Black Friday Legal Online Currency Screen Reader Identity Theft Mobile Assessment Fraud Domains Proactive Mirgation Fun Computer Accessories Access Control Alt Codes Cyber Monday Word Smart Tech Managing Stress IT Management Public Speaking YouTube Macro Remote Monitoring and Management Business Technology Cortana Machine Learning SharePoint Typing Google Drive Connectivity Enterprise Content Management Network Management How To WPA3 Networking Migration Knowledge Private Cloud Touchscreen Downloads Environment Cryptocurrency Distributed Denial of Service Google Docs Vulnerabilities Windows 10 Hotspot Gaming Console Samsung Bitcoin Debate Fleet Tracking Chatbots Experience Public Cloud Multi-Factor Security Troubleshooting Software Tips Managed IT Service Heating/Cooling Star Wars Geography Language Consumers communications Crowdfunding Hacks Asset Tracking Identity Sync Google Calendar Conferencing Break Fix Utility Computing High-Speed Internet Server Management Computing Infrastructure IP Address Techology PC Care OneNote Mobile Device Managment Legislation Value Dark Web Refrigeration Disaster Adminstration Healthcare Development Cooperation Virtual Reality eBay Disaster Resistance 3D Leadership Employee-Employer Relationship Motherboard Remote Support Streaming Media Data Warehousing Monitors New Additions Digital Signature Skype Hard Drive

      Top Blog

      Basically, any machine that uses fans and vents to cool itself can overheat if airflow is restricted. If you have used a laptop on your lap for an extended session, then you know what we are talking about when the computer becomes hot to the touch. Every portable device is designed a little diffe...
      QR-Code