crn5000-inc2015 BPTW logo
Contact us today!
(918) 770-8738
 
 

Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Integrated Business Technologies, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (918) 770-8738.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 25 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      freeconsultation
       

      Tag Cloud

      Security Technology Tip of the Week Privacy Business Management Managed Service Provider Cloud Internet Microsoft Saving Money Business Computing Productivity Best Practices Workplace Tips IT Services Backup Hackers Hosted Solutions Email Malware Mobile Devices Business IT Support Software Small Business Hardware Network Server Smartphones Data Communication Upgrade Business Continuity Windows Mobile Device Management VoIP Microsoft Office Disaster Recovery Google Virtualization Computer Efficiency Miscellaneous Mobile Office Vendor Management Holiday Innovation Gadgets Social Media Quick Tips Outsourced IT Passwords User Tips Mobile Computing BYOD Android Smartphone Browser WiFi Data Backup Windows 10 Internet of Things Remote Monitoring The Internet of Things Network Security Ransomware Bring Your Own Device Spam Best Practice Alert Wireless Technology Data Management Managed IT services Trending Operating System Apple Remote Computing Users Going Green Content Filtering Data Recovery Artificial Intelligence History Firewall Unified Threat Management Big Data Office Analytics IT Solutions Lithium-ion Battery Save Money IT Consultant Printer Tech Support Information Technology Current Events Gmail Managed IT App Customer Relationship Management Windows 8 Facebook Router Tech Term Encryption Cloud Computing Humor Antivirus Saving Time Avoiding Downtime Maintenance Hard Drives Website Customer Service Outlook Hacking Health Computers Phone System Collaboration Marketing Cybersecurity Two-factor Authentication Excel Automation Applications Office Tips Retail Phishing Document Management Apps Application IT service Digital Payment Mobile Device Virus Business Growth VPN Risk Management Fax Server Managed IT Services Employer-Employee Relationship Office 365 Project Management iPhone Password Government Administration Presentation Augmented Reality Inbound Marketing Data Security Budget Compliance Computer Repair Proactive IT Regulations Recovery Mouse Money Bandwidth Social Net Neutrality Running Cable Licensing Training Infrastructure Chrome Paperless Office PowerPoint Social Networking Wi-Fi User Error Tablet Co-Managed IT Computing Internet Exlporer Statistics Data loss Smart Technology Mobile Security Intranet Business Intelligence Competition Network Congestion Downtime Search Scam Virtual Desktop USB Piracy Files Mobility Business Owner Sports Hacker Point of Sale Programming Tip of the week User Analyitcs Twitter Education Safety Specifications Hosted Solution IBM Settings Flexibility Cost Management Wireless Data storage HIPAA Cybercrime File Sharing Save Time Vulnerability Wearable Technology Robot Help Desk Unified Communications Hiring/Firing Productivity Printing Display Alerts End of Support LiFi Redundancy Leadership Travel Remote Support Streaming Media New Additions Monitors Storage Skype SharePoint Deep Learning Print Server Text Messaging SaaS Connectivity BDR Domains Google Wallet Work Station Congratulations Assessment Fun Writing Adminstration Migration LinkedIn Downloads IoT Word Distributed Denial of Service Law Firm IT Video Surveillance Business Technology 3D Identity Theft Public Speaking Drones Hotspot Windows 8.1 Update Recycling Multi-Factor Security IT Management Cortana Social Engineering Chatbots Best Available eWaste Buisness Star Wars Identities Managed IT Service Networking Telephony Backups Language Google Calendar Network Management Knowledge Identity Environment CIO Utility Computing Solid State Drive Break Fix Bluetooth Legal Scheduling Computing Infrastructure Online Currency Samsung Legislation Debate Windows 10 Experience Troubleshooting Healthcare Heating/Cooling Alt Codes Dark Web Computer Accessories Techology Machine Learning Cooperation Consumers Crowdfunding Motherboard YouTube Hard Drive Typing Data Warehousing Disaster Resistance Private Cloud Software Tips IP Address Google Drive Staff Company Culture Software as a Service Server Management How To Modem Public Cloud Cache Refrigeration Cryptocurrency Microsoft Excel Disaster Touchscreen IT Consulting Google Docs Operations Technology Tips Cookies Sync Bitcoin Macro Blockchain Digital Signature Data Breach Technology Laws Memory communications Comparison Laptop Nanotechnology Mobile Device Managment Hacks Permissions Conferencing IT Support IT Technicians Documents Unified Threat Management Entrepreneur Black Friday Virtual Private Network Halloween Gaming Console Screen Reader PC Care Undo Fraud Value People 5G Mirgation PDF Access Control Cyber Monday eBay Scary Stories Virtual Reality Smart Tech

      Top Blog

      Basically, any machine that uses fans and vents to cool itself can overheat if airflow is restricted. If you have used a laptop on your lap for an extended session, then you know what we are talking about when the computer becomes hot to the touch. Every portable device is designed a little diffe...
      QR-Code