Contact us today!
(800) 588-4430

Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Fort Worth area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Telesys Voice and Data, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (800) 588-4430.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Thursday, 22 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up Now!

Free Consultation
 

Tag Cloud

Security Tip of the Week Technology Cloud Best Practices Hackers Privacy Productivity Malware Business Computing Business Email Microsoft Internet Windows 10 Backup Software Hosted Solutions IT Services Computer Network Security Managed Service Provider Android Smartphone Ransomware User Tips Google Mobile Devices Workplace Tips IT Support Hardware Efficiency Browser Communication Social Media Managed IT services Business Continuity Smartphones Disaster Recovery Outsourced IT App Office Holiday Data Innovation Small Business Facebook Business Management Remote Monitoring Upgrade Miscellaneous WiFi Office 365 Microsoft Office Windows Data Management Encryption Server Network Gmail Big Data Data Backup Internet of Things Data Recovery Apps Phishing Hosted Solution Recovery Spam Cloud Computing Artificial Intelligence Firewall Robot Password Content Filtering Work/Life Balance Tip of the week Office Tips Productivity Chrome Employer-Employee Relationship Cybersecurity Risk Management Unified Threat Management Apple Avoiding Downtime Word Hacker Customer Service Mobile Device Management How To Save Money Money Paperless Office Saving Money VoIP Remote Computing Presentation Business Growth Social Windows 10 Customer Relationship Management Wi-Fi Telephone Systems Outlook Applications Document Management Passwords Vendor Management Data Security Two-factor Authentication Settings IT Support Analytics Alert Health Managed IT Services The Internet of Things Computers Data storage Computing Hacking Tech Support Bandwidth Antivirus Education Virtual Reality Government Operating System Managed IT SaaS Cybercrime BYOD Tablet Automobile Infrastructure Upgrades Analyitcs Budget IT solutions Safety End of Support Wireless Technology Mouse Wireless Downtime Collaboration Website Specifications Legal Scam communications Vulnerability YouTube File Sharing User Unified Communications Twitter Politics Monitors Travel Google Drive Retail HIPAA LiFi Websites Automation Best Practice Virtual Private Network Mobile Security Physical Security Going Green Lithium-ion battery Taxes Server Management Botnet Business Owner Printing Samsung Augmented Reality Licensing Marketing Maintenance IBM Running Cable Digital Payment Mobile Computing IT Management Competition Bring Your Own Device Computer Care Search Sports Information Technology Project Management IT service Mobile Device Training Cortana Virtualization Humor Business Technology Administration Data loss Technology Laws Typing Network Management Fort Worth Blockchain Buisness Troubleshooting Lenovo Staff Web Server VoIP Multi-Factor Security Update Staffing BDR Unified Threat Management Cryptocurrency Touchscreen flu shot Knowledge Shortcut Permissions Administrator Disaster 3D Printing Phone System Superfish Flexibility Cameras Digital Google Calendar Chromebook GPS Law Enforcement Google Maps Network Congestion business communications systems Bitcoin Fort Worth IT Experience Patch Management Fraud Uninterrupted Power Supply Unsupported Software Operations CCTV Spyware Legislation Emoji Tracking Gadget Display Internet Protocol Windows 8 DFW IT Service Net Neutrality Solid State Drive Domains Mobile Data Hacks Networking Wearable Technology How To 5G Entrepreneur Application VoIP streamlines Heating/Cooling Smart Technology VPN Internet Exlporer Users Hard Disk Drive Public Speaking Current Events iPhone G Suite Firefox Software as a Service Processors Identity Theft Servers Distributed Denial of Service business network infrastructure Motion Sickness Supercomputer Google Docs Techology IT Technicians Assessment Technology Tips Managed IT Service Laptop Help Desk Hard Drives Writing data services Mail Merge Hotspot Virtual Desktop Personal Information IT Budget Disaster Resistance Mirgation IT Consultant Consultation Comparison Statistics Break Fix Halloween Machine Learning Refrigeration Social Engineering User Error PowerPoint Address Language Meetings Printer Computer Repair Notifications Storage Proactive IT Deep Learning Cleaning Black Friday Fun Bluetooth Dark Web Scary Stories Relocation Software Tips Consumers Google Wallet Redundancy Computing Infrastructure Webcam Corporate Profile Access Control Electronic Medical Records Crowdsourcing Dark Data IT Consulting Quick Tips Cyber Monday Data Warehousing Private Cloud Undo eWaste Drones Alerts Point of Sale WannaCry SharePoint IP Address Data Breach Alt Codes IT Sevices Time Management flu season Microsoft Excel Error Cabling Environment Cooperation Downloads Mobile Office

Top Blog

Don't be Afraid to Replace Got an older PC that's causing you a lot of issues? Older technology is typically more expensive to run, and after a while, it's cheaper to simply buy a new desktop than it is to continue pouring money into something that always seems broken. It's a great time to buy wo...
QR-Code