-->

How to Protect Against Meltdown & Spectre
Featured

05 January 2018  

Security vulnerabilities known as Meltdown and Spectre could affect all modern computers and devices, but there are no known exploits at this time. 

You may have heard about the new computer security flaws were recently uncovered. 

The United States Computer Emergency Readiness Team (CERT) issued the following statement: 

"On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities— known as Meltdown and Spectre— that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information."

Here is what you need to know:

The first thing is that these security flaws have been named Meltdown and Spectre. 

The flaws apply to nearly all computing devices and operating systems, including Microsoft and Apple computers, cell phones, tablets and other devices.

These flaws are actually hardware based, although there are software patches being developed to mitigate the vulnerability. 

There are no known exploits impacting customers at this time. 

"Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases,” is the statement on the CERT site. 

Stay Safe:

1. Download software and updates only from trusted sources. 

2. Ensure that your software, especially Operating Systems, are all fully updated.

3. If you use antivirus software, ensure it is also updated. 

4. If there are any firmware updates from the device manufacturer, install them immediately. 

Intel

According to Intel, "Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.”

Microsoft

Microsoft warns, "Customers who only install the January 2018 security updates from Microsoft will not be fully protected against the vulnerabilities. You will also need to install firmware updates from your device manufacturer. Antivirus software updates should be installed first. Operating system and firmware updates can be installed in either order."

Apple

Apple issued the following statement, "Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. These issues apply to all modern processors and affect nearly all computing devices and operating systems. All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time. Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store. Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. Apple Watch is not affected by Meltdown. In the coming days we plan to release mitigations in Safari to help defend against Spectre. We continue to develop and test further mitigations for these issues and will release them in upcoming updates of iOS, macOS, tvOS, and watchOS.”

CERT 

CERT offers a list of links to information from 25 computer companies here. Check back with your manufacturer and software providers frequently for updates. 

Link to Vendor InformationDate Added
Amazon(link is external) January 4, 2018
AMD(link is external) January 4, 2018
Android(link is external) January 4, 2018
Apple(link is external) January 4, 2018
ARM(link is external) January 4, 2018
CentOS January 4, 2018
Chromium January 4, 2018
Citrix(link is external) January 4, 2018
F5(link is external) January 4, 2018
Google(link is external) January 4, 2018
Huawei(link is external) January 4, 2018
IBM(link is external) January 4, 2018
Intel(link is external) January 4, 2018
Lenovo(link is external) January 4, 2018
Linux January 4, 2018
Microsoft Azure(link is external) January 4, 2018
Microsoft(link is external) January 4, 2018
Mozilla January 4, 2018
NVIDIA(link is external) January 4, 2018
OpenSuSE January 4, 2018
Red Hat(link is external) January 4, 2018
SuSE(link is external) January 4, 2018
Trend Micro(link is external) January 4, 2018
VMware(link is external) January 4, 2018
Xen January 4, 2018
Lynne LaMaster

Lynne LaMaster is the Founder and Editor of the eNewsAZ Network of websites. She asks a lot of questions! In her spare time, she loves photography, cooking and hanging out with her family.

928.458.5119