11 Jan 2018

What are Meltdown and Spectre?

Security researchers have discovered two new security vulnerabilities, Meltdown and Spectre, that affect almost all modern computer processors (CPUs) manufactured in the last 20 years. The purpose of this blog is to provide you with some details on the vulnerabilities and the specific actions Brennan IT is taking to protect systems.

The vulnerabilities – code-named Meltdown and Spectre – allow a program to steal data currently being processed by other applications, potentially divulging passwords and sensitive information stored by other programs. Both vulnerabilities affect servers, personal computers, mobile devices and cloud infrastructure. For more details, please see https://spectreattack.com/

Meltdown and Spectre: What’s the risk?

The “Common Vulnerability Scoring System” (CVSS) has rated them as a medium risk level. User-level access is required to run specific code, meaning attacks cannot be made remotely. There are currently no known exploits. Regardless, all general security precautions should still be taken: regular password changes, not opening unknown attachments, avoiding suspicious websites, etc.

What is required to protect systems from this vulnerability?

A two-pronged approach is required to secure systems from these vulnerabilities:

  1. Microsoft have released patches for Operating Systems and Hypervisors. The updates have a prerequisite check, requiring your antivirus software to be up to date before the patch will apply.
  2. Hardware with an affected CPU will require a firmware update. Depending on the age of your hardware, vendors may or may not release firmware updates.
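
To check both prongs on a single Windows host, the following read-only PowerShell sketch reports the antivirus prerequisite flag, operating system support and firmware support. It is an added example, not Brennan IT's or Microsoft's own code; it assumes Microsoft's SpeculationControl PowerShell module is installed and that the registry value shown is the antivirus-compatibility flag from Microsoft's January 2018 guidance, neither of which is named on this page.

```powershell
# Added example (read-only): reports both prongs of the fix on one Windows host.
# Assumption: this registry value is the antivirus-compatibility flag described in
# Microsoft's January 2018 guidance; the page itself does not name it.
$compatKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$compatName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$avFlag = Get-ItemProperty -Path $compatKey -Name $compatName -ErrorAction SilentlyContinue

$report = [ordered]@{
    ComputerName           = $env:COMPUTERNAME
    AvCompatibilityFlagSet = ($null -ne $avFlag)   # prerequisite for the OS patch
    OsSupportSpectre       = $null                 # prong 1: OS patch
    OsSupportMeltdown      = $null                 # prong 1: OS patch
    FirmwareSupportSpectre = $null                 # prong 2: CPU firmware/microcode
    SpectreMitigationOn    = $null
    MeltdownProtected      = $null
}

# Assumption: the SpeculationControl module (Get-SpeculationControlSettings) is installed.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    $s = Get-SpeculationControlSettings
    $report.OsSupportSpectre       = $s.BTIWindowsSupportPresent
    $report.OsSupportMeltdown      = $s.KVAShadowWindowsSupportPresent
    $report.FirmwareSupportSpectre = $s.BTIHardwarePresent
    $report.SpectreMitigationOn    = $s.BTIWindowsSupportEnabled
    # KVAShadowRequired is False on CPUs that are not affected by Meltdown.
    $report.MeltdownProtected      = (-not $s.KVAShadowRequired) -or $s.KVAShadowWindowsSupportEnabled
} else {
    Write-Warning 'SpeculationControl module not found; only the antivirus flag was checked.'
}

# Turn the raw flags into the follow-up action each prong needs.
$actions = @()
if (-not $report.AvCompatibilityFlagSet) {
    $actions += 'Update antivirus so the OS patch can install'
}
if ($report.OsSupportSpectre -eq $false -or $report.OsSupportMeltdown -eq $false) {
    $actions += 'Install the OS security update'
}
if ($report.FirmwareSupportSpectre -eq $false) {
    $actions += 'Apply the vendor firmware update'
}
$report.ActionsNeeded = if ($actions) { $actions -join '; ' } else { 'None detected' }

[pscustomobject]$report
```

A host can show operating system support as present while firmware support is still missing, which is the case item 2 describes for hardware whose vendor has not released an update.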

Our Security team is continuing to monitor the vulnerability status and vendor updates to ensure Brennan IT’s response is aligned with the risk profile. For more information on how we are mitigating risk, or if you have any concerns, don’t hesitate to reach out to your account manager at Brennan IT or call us on 1300 500 000. 

For an in-depth look at how the vulnerabilities may impact Windows systems, read the Microsoft blog here.
