Contact us today!
(800) 588-4430

Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Richland Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Telesys Voice and Data, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (800) 588-4430.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Friday, 16 November 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up Now!

Free Consultation
 

Tag Cloud

Security Tip of the Week Technology Cloud Best Practices Hackers Malware Privacy Business Computing Email Productivity Business Microsoft Internet Hosted Solutions Software Windows 10 Managed Service Provider Backup IT Services Network Security Ransomware Computer Mobile Devices Smartphone Android User Tips Managed IT services Google Browser IT Support Workplace Tips Social Media Outsourced IT Hardware Communication Disaster Recovery Innovation Efficiency Data Business Continuity Data Backup Data Management Smartphones App Business Management Holiday Productivity Upgrade Cloud Computing Small Business Office Internet of Things Facebook Miscellaneous WiFi Data Recovery Microsoft Office Network Server Office 365 Windows Remote Monitoring Tech Term Spam Phishing Encryption Artificial Intelligence Gmail Big Data Customer Relationship Management Apps Hosted Solution Recovery Unified Threat Management Password Bandwidth Robot Firewall Save Money Paperless Office Work/Life Balance Content Filtering Passwords Chrome Infrastructure Wi-Fi Office Tips Apple Avoiding Downtime Document Management Tip of the week Employer-Employee Relationship Cybersecurity Customer Service Risk Management Mobile Device Management Managed IT Services Word How To Saving Money Remote Computing Government Hacker Money BYOD Education Mobile Device Antivirus Outlook Cybercrime Project Management Compliance Managed IT Data loss BDR Social File Sharing Website Applications Health Windows 10 Telephone Systems Vendor Management Hacking Alert Mobile Computing Two-factor Authentication Settings Tech Support Data storage Data Security Analytics Computing IT Support The Internet of Things Computers Operating System VoIP Virtual Reality Presentation Business Growth IT Management SaaS IT service Specifications Automobile Upgrades Cortana Budget Virtualization Healthcare Administration End of Support Tablet Mouse User Business Technology IT solutions Safety Regulations Collaboration Retail Legal Wireless Technology Wireless Best Practice Twitter Downtime Lithium-ion battery Business Owner Politics communications Monitors Smart Technology Travel YouTube Google Drive Patch Management HIPAA Scam Marketing Websites Unified Communications Automation Going Green Router Physical Security Mobile Security Vulnerability Taxes Botnet LiFi Identity Theft Printing Competition Samsung VPN Meetings Information Technology Storage Virtual Private Network Assessment Humor Augmented Reality Server Management Licensing IBM Running Cable Computer Care Analyitcs Digital Payment Maintenance Training Bring Your Own Device Search Sports Downloads Corporate Profile IP Address Proactive Cooperation Redundancy IT Consulting Fort Worth Quick Tips Alt Codes Update Blockchain Web Server History Multi-Factor Security WannaCry Mobile Office Remote Monitoring and Management Staff Data Breach flu shot Time Management Administrator Typing 3D Printing Chromebook Buisness Cost Management Permissions Cameras Cabling Flexibility Google Calendar Law Enforcement Staffing Network Congestion WPA3 Technology Laws Fort Worth IT Network Management Cryptocurrency Unsupported Software Knowledge Emoji Management Fraud iPhone CCTV Operations Lenovo Legislation VoIP Gadget GPS Display Fleet Tracking Experience Hacks Social Networking Unified Threat Management DFW IT Service Touchscreen Bitcoin Google Maps Mobile Data Disaster Enterprise Resource Planning Net Neutrality Shortcut Wearable Technology Superfish Digital Tracking Asset Tracking Current Events Motherboard business communications systems Windows 8 Uninterrupted Power Supply Processors Domains Mobile Internet Exlporer G Suite Entrepreneur Software as a Service Spyware 5G Remote Workers Application Internet Protocol Distributed Denial of Service Motion Sickness PowerPoint Solid State Drive Users Google Docs Public Speaking Vulnerabilities IT Technicians Networking Technology Tips How To Consumers Writing Electronic Health Records Modem VoIP streamlines Managed IT Service Heating/Cooling Personal Information User Error Hard Disk Drive Geography Hotspot IT Consultant Mirgation Comparison Firefox Machine Learning Supercomputer Social Engineering Cyberattacks Laptop Hard Drives Cookies business network infrastructure Break Fix Servers eWaste Help Desk Computer Repair Printer Notifications Virtual Desktop IT Sevices Cables Language Cleaning Migration Techology Black Friday Relocation IT Budget Bookmarks Halloween Google Wallet Refrigeration Nanotechnology data services Dark Web Environment Webcam Electronic Medical Records Access Control Crowdsourcing Dark Data Wires Computing Infrastructure Mail Merge Chatbots Disaster Resistance Cyber Monday Consultation Private Cloud Deep Learning Fun Favorites Scary Stories Drones IoT Data Warehousing Statistics Troubleshooting Point of Sale Software Tips SharePoint MSP Alerts Address Identity Proactive IT flu season Error Conferencing Undo Utility Computing Microsoft Excel Bluetooth Phone System

Top Blog

Don't be Afraid to Replace Got an older PC that's causing you a lot of issues? Older technology is typically more expensive to run, and after a while, it's cheaper to simply buy a new desktop than it is to continue pouring money into something that always seems broken. It's a great time to buy wo...
QR-Code