Call Us Today! 1.800.704.3394|info@clearwatercompliance.com

Meltdown and Spectre – Security Vulnerabilities of A Different Sort

Meltdown and Spectre. A very real call to action.

 

These chip defects impact just about every device that uses a vulnerable CPU including PC’s, laptops, smartphones, tablets, servers and the cloud. Even the Apple TV is affected. This is a BIG DEAL! It is the hardware which has an exploitable vulnerability and since it isn’t easy or inexpensive to replace chipsets in computers, the defects have to be mitigated with software. The approach is to mitigate these hardware flaws with operating system changes (i.e., Windows or iOS.) This compensating measure will hamstring some applications and programs. Obviously, if you are operating an unsupported operating system from any vendor, the updates or “patches” will not be available and place the device in danger of exploitation.

The key to success is not to panic but ensure your devices are patched as soon as the vendor releases the updates. Be careful to not download applications from untrusted sources since these chip vulnerabilities are primarily exploited through the use of malicious applications. Take extra precautions with email attachments which is a “vector” or path for malicious software to download to the device.

 

If you can’t patch your system due to an outdated operating system, it is time to upgrade. Consider upgrading the hardware if it is reaching end-of-life.

 

This is a great opportunity for organizations to execute their incident response process to identify affected systems and devices and develop an enterprise action plan.

 

These affected CPU’s are ubiquitous and all IT departments and personal users should take heed. Patch your systems and devices and don’t put it off.

By Rich Curtiss | January 09, 2018 | | 0 Comments

About the Author: Rich Curtiss

Rich Curtiss

Mr. Curtiss has over 35 years of diverse, executive IT experience across several verticals including Healthcare, Finance, Department of Defense, Intelligence Community and Consulting Services. Rich has served in executive information technology and cybersecurity positions as a CIO, CISO, Director and Program Manager. He's a member of the Clearwater consulting team.

Subscribe for News

    Download New White Paper

Download New White Paper