The Spectre of a Meltdown

If you’re confused by the avalanche of early reports, denials, and conflicting statements about the security issues announced this week, don’t worry — you’re not the only one. Here’s what you need to know about Meltdown and Spectre, the two vulnerabilities that affect practically every computer and smart device out there.

What is Known

  • This affects all brands of and types computers – for example IBM, Dell, and yes, Apple workstations and servers are all affected
  • This also affects cell phones (including iPhones), tablets and many other intelligent devices
  • It can be mitigated, but not eliminated through software patches
  • To absolutely fix this issue will likely require hardware changes
  • Currently, security researchers do not know of any exploits of this issue, but have proved that it exists. Attacks will likely follow soon.
  • Exploiting this vulnerability requires a malicious program to be run on the computer or device

What McCraw Corp is doing about it

  • We are closely monitoring the situation
  • For Managed Service Agreement clients, we are deploying the patches to your computers as they are released by hardware and software manufacturers. Microsoft plans to release mitigation patches Tuesday, January 9, and our managed virus scanning product, Webroot, will automatically deploy the patches. Please note that we do not patch cell phones and Apple devices. In fact, the first round of Windows patches have already been deployed this week!

What you should do about it

  • Computers running Windows XP and Windows Server 2003 or earlier need to be replaced now. The mitigation patches released by Microsoft likely will not be released for these operating systems.
  • If you are a Managed Services client, be sure your computers are left on overnight so patches can be applied.
  • If you are not a Managed Services client or you aren’t sure, please contact us.
  • Do not run software from sources that you don’t know. This includes games, utilities, and so forth provided for free over the internet.  If you are uncertain of a source, please contact us.

 Should you be concerned?
At the moment, you shouldn’t panic, because so far it doesn’t look like the Spectre or Meltdown flaws have been used in an attack. Device manufacturers are working to provide patches for these flaws, and McCraw Corp will deploy the patches to Managed Services Agreement clients as they become available.

Remember, as a user you are the best, most effective security measure your computer has.  Be careful in the sites you browse and files you download.  Most of today’s malware requires a computer user to download and run it.

Please call us at (864) 295-1616 if you have additional questions or would like to discuss our Managed Services Agreement.

For More Reading on this Topic

http://money.cnn.com/2018/01/03/technology/computer-chip-flaw-security/index.html

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

https://meltdownattack.com/

https://www.theverge.com/2018/1/3/16846840/intel-arm-processor-flaw-chipocalypse-windows-macos-linux