What are Meltdown/Spectre?
‘Meltdown’ and ‘Spectre’ are two security flaws affecting microprocessors. They make actions that would normally have been difficult for an attacker, such as recovering passwords, theoretically easier.
However, an attacker would still need to run code on your device. Access would typically be gained via well-known means, such as phishing attacks or browsing malicious websites.
What are the vulnerabilities?
Processors in most devices employ a range of techniques to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused, to obtain information about areas of memory not normally visible to an attacker.
What do I need to do?
The NCSC advises you to patch your devices and applications as soon as updates become available. We also recommend that home users enable automatic updates so that future security measures are installed for you. There is no reason to dispose of your device.
Most devices – from smartphones to home computers – may be vulnerable to some extent. The major operating system vendors have produced patches which mitigate the issues. You should install these as soon as possible.
As well as updating your operating system (e.g. Windows or Apple iOS), you may need to apply patches specific to your devices. Details of the patches are typically available on the manufacturer’s website. Applications such as web browsers and office productivity software may also need patching. Major vendors are starting to make these available.
Windows users should note that you may need to update antivirus products before you can successfully install the Windows update that addresses these vulnerabilities. Microsoft’s information about antivirus products affecting application of the Windows update can be seen here and in the table below.
While not specific to this vulnerability, now is a good time to implement the basic cyber hygiene measures that make it harder for potential attackers to compromise your device. This includes using strong passwords, backing up data and using two-factor authentication. Further information can be found at Cyber Aware and on GOV.UK.
Will my old device be patched?
Device and platform manufacturers are releasing updates to supported products, which will mitigate this issue. We recommend that you check on the manufacturer’s website whether your device is still supported. Older devices may no longer be supported, making them vulnerable to the effects of Meltdown, Spectre and other potential flaws that may be uncovered in the future.
More information
Device manufacturers have been issuing advice for their customers, a selection of which can be seen below:
Source: NCSC