Meltdown and Spectre are the new security vulnerabilities in modern processors such as Intel, AMD, or ARM CPU chipsets. Normally, programs are restricted from reading data from other programs, but these exploits allow hackers to deploy malicious code and exploit these vulnerabilities. The exploit could be used to gain access to business sensitive documents, stored passwords, photos and emails.
Steps for Mitigation
The immediate exposure to these exploits are minimized if your IT department or Service Provider is diligent on keeping up with patching as they cannot be exploited remotely. They require an existing security breach to activate, up to date patching will help prevent any long-term compromises.
Ensure your IT department or Service Provider has patched your hypervisors and operating systems with the most recent security patches specific to these exploits. Many vendors have already released these patches while others are in progress.
Ensure you have the security monitoring systems in place to prevent attacks which provide the initial access to systems.
Ensure your Cloud Service Providers address vulnerabilities at the hypervisor level. Many Cloud Service Providers have already began patching for the exploits. Your Cloud Service Provider will address the underlying infrastructure/hypervisor level, however, you are still responsible to patch and update the operating systems and workloads in the cloud on that hypervisor.
Known Vulnerability Patches
The following patches are examples of vendors that have released patches for Meltdown; however, additional patches may be available for your assets.
- Apple released the macOS update on December 6, 2017.
- Google released the Chrome OS update on December 15, 2017.
- Microsoft released Windows 10 and Microsoft Server 2008, 2012, and 2016 updates on January 3, 2018.
- Microsoft released other updates on January 9, 2018.
- Linux is currently working on patches and have already released several variants.
Contacting IT Authorities
If you have additional questions or need assistance, contact IT Authorities at 1-866-587-5211.