Contact us today!
(800) 588-4430

Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Richland Hills area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

ALERT: Make Sure Your Business is Safe from Meltdown and Spectre

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

This issue was first reported in a blog maintained by an unknown user identified only as Python Sweetness, who summed up what they described as “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

In other words, a bug had been discovered that messed with how different programs could interact with the CPU. Normally, the CPU has two modes: kernel, which allows complete, carte blanche access to the computer itself, and user, which is supposed to be the ‘safe’ mode. The issue that Python Sweetness discovered was that the bug allowed programs that were run in user mode to access kernel mode. This could potentially open the door for malicious programs and malware to access a user’s hardware itself and see anything that’s going on in protected memory space, meaning programs could gain access to memory being used by other programs, or in the case of virtual machines they could cross-talk between VMs as well.

Fortunately, a fix has been developed that will likely only cause a 2% dip in system performance, a greatly lesser sacrifice than what was initially expected. Originally, it was assumed that entire processes would be shifted from user mode to kernel mode and back again, slowing the entire system down considerably. There has since been a Windows update to mitigate the CPU issue, despite the expectation that it would take a hardware change to implement it.

For PCs with Windows 10 installed, and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

If you have an Android device, there was an update on January 5 that provided mitigations, with the promise of further updates to add to these protections. Google-branded phones, including the Nexus and Pixel lines, should have already received the patches, and other Android phones may have as well. It is something that you should check, and if you haven’t received an update yet, reach out to your carrier and ask why (posting publicly can get you extra points).

An update to Google Chrome is expected on January 23, with other browsers following suit, that will also include mitigations. In the meantime, ask your IT resource to help you activate Site Isolation to help keep a malicious website from accessing your data from another tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

Issues like these are exactly why businesses need a managed service provider looking out for them. An MSP, like Telesys Voice and Data, would have heard about this issue and its associated update (or any issue/update, for that matter) and taken the actions needed to resolve it.

This is all done without the business needing to worry about handling any of it, freeing its internal staff to complete projects that generate profit, rather than work to maintain operations and security.
For more ways that an MSP can benefit your crew, reach out to us at (800) 588-4430.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Wednesday, 20 February 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up Now!

Free Consultation
 

Tag Cloud

Security Tip of the Week Technology Cloud Best Practices Business Computing Hackers Malware Privacy Business Productivity Email Hosted Solutions Microsoft Software Internet Windows 10 Managed Service Provider Backup Computer Network Security Ransomware IT Services Innovation Mobile Devices Android Smartphone Managed IT services Social Media Hardware User Tips Google Outsourced IT Productivity Browser IT Support Workplace Tips Business Continuity Efficiency Communication Disaster Recovery Data Backup Upgrade Data Data Management Data Recovery Small Business App Business Management Cloud Computing Smartphones Internet of Things Office Holiday Microsoft Office Network Facebook Remote Monitoring Server Miscellaneous WiFi Office 365 Windows Gmail Big Data Save Money Paperless Office Phishing Encryption Spam Managed IT Services Artificial Intelligence Tech Term Bandwidth Firewall Robot Apps Password Hosted Solution Recovery Customer Relationship Management Employer-Employee Relationship Passwords Unified Threat Management Avoiding Downtime Hacker How To Mobile Device Management Customer Service Infrastructure Government Content Filtering Money Document Management Saving Money Work/Life Balance Tip of the week VoIP Remote Computing communications Wi-Fi Collaboration Cybersecurity Office Tips IT Support Vendor Management Risk Management Chrome Word Apple Antivirus Computing Project Management Hacking Compliance Mobile Computing Managed IT Data loss Education Tech Support BDR Virtual Reality Cybercrime SaaS Operating System Applications BYOD Windows 10 Telephone Systems Social Business Growth Downtime Website Vulnerability Presentation Data Security File Sharing Outlook Two-factor Authentication Settings Analytics The Internet of Things Alert Computers IT Management Printing Data storage Health Mobile Device Meetings Healthcare Marketing Storage Bring Your Own Device Tablet Search Sports Computer Care IT service Remote Monitoring and Management Business Technology Competition Regulations Cortana Virtualization Administration Training Information Technology Humor IT solutions Safety Automobile Upgrades Smart Technology Wireless Technology Patch Management Budget Scam Analyitcs End of Support HIPAA Software as a Service Wireless Router Mobile Security Mouse Identity Theft Legal YouTube VPN Specifications Unified Communications Twitter Virtual Private Network Politics Monitors Assessment LiFi Travel User Server Management Licensing Google Drive Websites Automation Digital Payment Physical Security Retail Going Green Maintenance Taxes Botnet Best Practice Augmented Reality Lithium-ion battery IBM Running Cable Samsung Business Owner Zero-Day Threat Scary Stories Computer Repair Blockchain History Staff WannaCry Multi-Factor Security Cleaning Notifications Proactive Relocation Conferencing Data Breach Time Management PowerPoint flu shot Backup and Disaster Recovery Undo Webcam Electronic Medical Records Cost Management Google Wallet Permissions Cabling Consumers Dark Data Flexibility Google Calendar Staffing IP Address Crowdsourcing Private Cloud Employees Technology Laws Network Management Alt Codes Fort Worth IT Procurement Point of Sale Management Drones Fraud Lenovo Operations VoIP Legislation GPS Mobile Office WPA3 Error Unified Threat Management eWaste Social Networking Touchscreen Typing DFW IT Service Google Maps Disaster IT Sevices Remote Worker Buisness Enterprise Resource Planning Shortcut Net Neutrality Superfish Wearable Technology Digital Tracking Fleet Tracking business communications systems Environment Motherboard Cryptocurrency Knowledge Uninterrupted Power Supply Virtual Assistant Web Server Update Mobile Internet Exlporer Asset Tracking Spyware Administrator Internet Protocol Troubleshooting 3D Printing Bitcoin Distributed Denial of Service Experience Solid State Drive Cameras Chromebook Company Culture Law Enforcement Remote Workers Networking Network Congestion IT Technicians How To Technology Tips VoIP streamlines Unsupported Software Modem Heating/Cooling Phone System Windows 8 Managed IT Service Hotspot Hard Disk Drive User Error Domains CCTV Emoji Vulnerabilities Gadget Information Display Mirgation Firefox Comparison Supercomputer 5G Entrepreneur Application business network infrastructure Mobile Data Cookies Servers Hacks Break Fix Help Desk Language Users Printer Public Speaking Geography Electronic Health Records Techology Migration Black Friday IT Budget data services Nanotechnology Current Events Dark Web Computing Infrastructure Access Control G Suite Processors Cables Mail Merge Cyberattacks Disaster Resistance Chatbots Consultation Cyber Monday Laptop Hard Drives Motion Sickness iPhone IoT Statistics Data Warehousing Software Tips Google Docs Alerts Virtual Desktop SharePoint Wires Address Bookmarks Proactive IT Writing Identity flu season Halloween Refrigeration Personal Information Utility Computing Bluetooth Microsoft Excel Cooperation Corporate Profile Downloads IT Consultant MSP Redundancy Machine Learning Favorites IT Consulting Social Engineering Quick Tips Deep Learning Fort Worth Fun

Top Blog

Don't be Afraid to Replace Got an older PC that's causing you a lot of issues? Older technology is typically more expensive to run, and after a while, it's cheaper to simply buy a new desktop than it is to continue pouring money into something that always seems broken. It's a great time to buy wo...
QR-Code