Meltdown and Spectre CPU vulnerabilities explained

Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it likely affects almost every computer on your network , including your workstations, and your server.  This hardware bug could allow malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug can break that isolation.  So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents.

Computer security experts assigned two names to the vulnerabilities – Meltdown and Spectre.  Meltdown is a risk to many recent Intel-designed CPU chips, running any operating system, including Windows, iOS, and Linux.  Most newer servers and workstations, including servers in data centers, use the affected chips.

Patches, or “fixes” for Meltdown will come from two primary sources, the operating systems publishers and the system designers .  As of this date, many operating system versions have already had patches released, including most supported versions of Windows (Microsoft released many of those patches on January 4, 2018).  Users with individual Windows servers and workstations can generally use the Windows Update feature to check for available important updates, and install as appropriate (a restart will be required in most cases).  Many computer manufacturers will be releasing updates for their systems called “BIOS updates”.  BIOS updates are designed to help protect against the vulnerability outside the operating system.  It may take some time for BIOS updates to be available, and the installation is more complex than operating system updates.  You’ll probably need help from your local IT service provider to install BIOS updates.  If you decide to attempt BIOS updates on your own, be sure to check any warnings from your computer manufacturer, as an improper BIOS update can make a computer completely inoperable.

The Spectre vulnerability seems to be more complex, and may affect CPUs from both Intel and AMD.  However, that is mitigated somewhat by the complexity to exploit the Spectre vulnerability.  Patches or BIOS updates are not yet generally available to address the Spectre vulnerabililty.

As with any possible malware vulnerabilities, the most important protection against these criminal activities is to be very careful when online.  Many of the attempts to install malware and steal information come about through emails you may receive.  Today’s criminals have become adept at creating emails that appear to come from people or companies you may be familiar with or with which you do business.  Be especially cautious of any attachments you did not specifically expect.  Emails may  contact links which may launch malware.  If there is any question as the origin of an email, go to the business or service web site rather than follow a link, or contact the sender directly,  Be sure that all employees and business associates are aware of the dangers posed by malware, and know basic internet safety recommendations.  Make sure any important data or documents on your computers are backed up regularly.