Contact us today!
(800) 588-4430

Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Richland Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Telesys Voice and Data, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (800) 588-4430.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Sunday, 20 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up Now!

Free Consultation
 

Tag Cloud

Security Tip of the Week Technology Cloud Best Practices Hackers Privacy Malware Business Computing Productivity Business Email Microsoft Internet Windows 10 Hosted Solutions Backup Ransomware Software Computer IT Services Managed Service Provider Network Security Android Smartphone Mobile Devices User Tips Managed IT services Social Media Google IT Support Workplace Tips Hardware Browser Communication Outsourced IT Business Continuity Efficiency Disaster Recovery Smartphones App Innovation Data Management Data Backup Upgrade Small Business Business Management Office Data Cloud Computing Holiday Facebook Microsoft Office Server Remote Monitoring Office 365 Windows Miscellaneous WiFi Network Encryption Data Recovery Artificial Intelligence Gmail Spam Big Data Internet of Things Apps Phishing Hosted Solution Recovery Robot Password Firewall Content Filtering Apple Avoiding Downtime How To Mobile Device Management Customer Service Government Office Tips Save Money Money Paperless Office Infrastructure Employer-Employee Relationship Work/Life Balance Saving Money Tech Term Risk Management Remote Computing Tip of the week Word Productivity Bandwidth Hacker Chrome Cybersecurity Passwords Unified Threat Management Managed IT Services Health Data storage Computing IT Management Hacking Mobile Computing Social Antivirus Website Tech Support Virtual Reality Wi-Fi Mobile Device Managed IT SaaS Data loss Operating System BYOD Two-factor Authentication Settings VoIP Business Growth Analytics Presentation Windows 10 The Internet of Things Computers Telephone Systems Customer Relationship Management Document Management Outlook Vendor Management Data Security Applications Education IT Support Alert Cybercrime Business Owner Samsung Mobile Security Licensing IT solutions Safety Maintenance Marketing Digital Payment Storage Wireless Technology Wireless Computer Care Downtime Competition communications Project Management Training YouTube Information Technology Unified Communications Business Technology Humor Tablet Automobile Upgrades Budget LiFi Analyitcs BDR End of Support Mouse Compliance Collaboration Legal Scam Augmented Reality Specifications Regulations Vulnerability IBM File Sharing Running Cable Twitter Politics Monitors User VPN Travel Identity Theft Google Drive Bring Your Own Device Search Sports Websites Automation Going Green Virtual Private Network Smart Technology Retail IT service Physical Security Taxes Assessment Cortana HIPAA Server Management Virtualization Best Practice Botnet Printing Administration Lithium-ion battery IT Consultant Consultation IT Budget Typing Disaster Resistance User Error IT Technicians Buisness Statistics Technology Tips Machine Learning Social Engineering Computer Repair Modem Address Managed IT Service Meetings Cleaning Notifications Cryptocurrency Proactive IT Hotspot Knowledge Mirgation Bluetooth Comparison PowerPoint Relocation Software Tips Electronic Medical Records Google Wallet Cookies Redundancy Break Fix Webcam Corporate Profile Consumers Quick Tips Printer Crowdsourcing Dark Data Bitcoin IT Consulting Language Experience Migration Black Friday Private Cloud Drones Nanotechnology Dark Web Point of Sale WannaCry Time Management Access Control Windows 8 Data Breach Computing Infrastructure Chatbots eWaste Cyber Monday Domains Error Cabling IT Sevices Utility Computing Data Warehousing 5G Entrepreneur Network Management SharePoint Application Technology Laws Alerts Identity Users Environment flu season Public Speaking Update Staffing Healthcare Lenovo Microsoft Excel Web Server VoIP Touchscreen Downloads Unified Threat Management Cooperation Troubleshooting Shortcut Fort Worth Administrator Disaster 3D Printing Chromebook GPS Cost Management Superfish Blockchain Cameras Digital Laptop Multi-Factor Security Hard Drives Law Enforcement Google Maps Network Congestion business communications systems Staff Virtual Desktop Patch Management flu shot Phone System Uninterrupted Power Supply Unsupported Software Emoji Tracking Permissions CCTV Spyware Flexibility Halloween Google Calendar Refrigeration Gadget Display Internet Protocol Hacks Fort Worth IT Solid State Drive Mobile Data Deep Learning Networking Fraud Fun How To VoIP streamlines Operations Scary Stories Heating/Cooling Legislation Current Events Social Networking DFW IT Service Hard Disk Drive Firefox Processors Net Neutrality G Suite business network infrastructure Wearable Technology Servers Undo Motherboard iPhone IP Address Motion Sickness Supercomputer Google Docs Alt Codes Techology Internet Exlporer data services Software as a Service Help Desk Writing Personal Information Router Mail Merge Distributed Denial of Service Mobile Office

Top Blog

Don't be Afraid to Replace Got an older PC that's causing you a lot of issues? Older technology is typically more expensive to run, and after a while, it's cheaper to simply buy a new desktop than it is to continue pouring money into something that always seems broken. It's a great time to buy wo...
QR-Code