Meltdown / Spectre IT Security Alert

As many of you have may have read recently, Google researchers have highlighted significant vulnerabilities found in a number of processor chipsets.

Meltdown and Specter Vulnerabilities

These have the potential to leak passwords and other sensitive data to malicious programs running on the device. At this time, there is no evidence that these are being actively exploited, but the general expectation is that they will within a reasonably short period of time.

Meltdown
This consists of a single vulnerability in Intel chipsets, and is described as the easiest of the vulnerabilities to exploit. Operating system manufacturers are currently providing patches to mitigate this issue, although it is expected that there may be cases where system performance is degraded after the patch is applied.

Spectre
This consists of two vulnerabilities in virtually all processors from all manufacturers, due to a common design flaw. This is expected to be very much more difficult to exploit – but also much more difficult to mitigate. It is expected that a hardware refresh would be required to fully mitigate these vulnerabilities.

What are we doing about this?
We are actively working to investigate the impact of these vulnerabilities across our clients landscapes, as well as working with the relevant responsible providers to mitigate.

Microsoft patches to mitigate the Meltdown vulnerability are currently being tested in the Colt911 Solutions environments and will be pushed to the all clients commencing January 8. All client environments are different thus we are ensuring each environment is patched accordingly. Emergency patching protocols have also been established for server environments.

Remember that these vulnerabilities also impact your home devices (computers, tablets, smart phones, smart devices etc.) so do keep all such devices updated with the manufacturers’ latest patches. It is important that you reboot your devices after the patch is applied.

For other devices – such as iPhones or Android phones – please ensure that you apply the latest security patches when available.

Details of these vulnerabilities have not been fully published or analyzed by all vendors. It is expected that additional information and mitigation strategies will be documented in the coming weeks.

External Reference(s)

Trend Micro Blogs

Microsoft Information

Other 3rd Party Information