Meltdown and Spectre Processor Vulnerabilities
This week we have learnt about a serious flaw in the design of many modern CPU processors that will require Microsoft, Linux and Apple to update operating systems for computers around the world.
‘Meltdown’ and ‘Spectre’ are two attacks against modern CPU microprocessors that can result in unprivileged code reading data it should not be able to.
The UK’s National Cyber Security Centre (NCSC) is aware of the issue and patches are being produced.
Most devices – from smartphones to hardware – may be vulnerable to some extent. Manufacturers are working on (or have already released) patches to mitigate the issue.
Experts have said that the fix could slow down the performance of computers by up to 30% but Intel have played this down, saying that “for the average user, performance impacts should not be significant and will be mitigated over time”.
In response to the news, the NCSC has advised “We are aware of reports about a potential flaw affecting some computer processors. At this stage there is no evidence of any malicious exploitation and patches are being produced for the major platforms.”
“The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available.”
Minerva will be applying patches (as they are released by manufacturers) to all our customers that have Network Support and that require such updates to be applied.
Microsoft is expected to publicly introduce the necessary changes to its Windows Operating System in an upcoming patch from Tuesday. Underlying firmware will also need to be checked to see that it is up to date and Minerva will be providing further advice with regards to this
What is the impact?
In the worst case, code running on a device can access areas of memory it does not have permission to access. This can result in compromise of sensitive data, including secret keys and passwords.
What can I do to protect myself and my organisation?
Device and platform manufactures are releasing updates to supported products which will mitigate this issue. Ensure that the latest patches have been installed, and that you are not using unsupported devices as these will not be fixed.
1) If you do not have a Network Support contract with Minerva, you should find out if your device requires an update – you can do this by contacting either the manufacturer or your existing support provider. Alternatively give Minerva a call and we will try to assist.
Further guidance about ‘Meltdown’ and ‘Spectre’ can be found on the National Cyber Security Centre (NCSC) website here.
2) You should apply updates to all your devices as and when the patches are released.
If you have any concerns or require any further information, you should contact your account manager on 01707 607100. Please note that information is still being released, so please look out for further updates over the coming weeks.