Home user guidance to manage processor vulnerabilities ‘Meltdown’ and ‘Spectre’

Serviceteam IT Security News

What are Meltdown/Spectre?

‘Meltdown’ and ‘Spectre’ are two security flaws affecting microprocessors. Actions that would have normally been difficult for an attacker, such as recovering passwords, are theoretically easier.

However, an attacker would still need to run code on your device. Access would typically be gained via well-known means, such as phishing attacks or browsing malicious websites.
 

What are the vulnerabilities?

Processors in most devices employ a range of techniques to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused, to obtain information about areas of memory not normally visible to an attacker.
 

What do I need to do?

The NCSC advises you to patch your devices and applications as soon as updates become available. We also recommend that home users enable automatic updates so that future security measures are installed for you. There is no reason to dispose of your device.

Most devices – from smartphones to home computers – may be vulnerable to some extent. The major operating system vendors have produced patches which mitigate the issues. You should install these as soon as possible.

As well as updating your operating system (e.g. Windows, Apple iOS etc…) you may need to apply patches specific to your devices. Details of the patches are typically available on the manufacturer’s website. Applications such as web browsers and office productivity software may also need patching. Major vendors are starting to make these available.

Windows users should note that you may need to update antivirus products before you can successfully install the Windows update that addresses these vulnerabilities. Microsoft’s information about antivirus products affecting application of the Windows update can be seen here and in the table below.

While not specific to this vulnerability, now is a good time to the implement basic cyber hygiene measures that make it harder for potential attackers to compromise your device. This includes using strong passwords, backing up data and using two-factor authentication. Further information can be found at Cyber Aware and on GOV.uk.

Will my old device be patched?

Device and platform manufacturers are releasing updates to supported products, which will mitigate this issue. We recommend that you check on the manufacturer’s website whether your device is still supported. Older devices may no longer be supported, making them vulnerable to the effects of Meltdown, Spectre and other potential flaws that may be uncovered in the future.

More information

Device manufacturers have been issuing advice for their customers, a selection of which can be seen below:

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
Serviceteam IT Security News Introducing component-driven and system-driven risk assessments
Serviceteam IT Security News Protect your management interfaces
Serviceteam IT Security News Bug Bounty Programs Turn Attention to Data Abuse
Serviceteam IT Security News Bulk Data: 8-15 How is your system designed, implemented and operated?
Serviceteam IT Security News Dominic Raab’s mobile number freely available online for last decade