January 4th, 2018
You may have heard already but this week it has been disclosed that INTEL has a fundamental design flaw in their CPU design. This vulnerability also affects some ARM chipsets (ARM commonly used in tablets and smartphones) – Official INTEL Statement HERE:
In a nutshell, information or data that should be kept private between applications/services could be exposed and gathered by people with malicious intent. This could be passwords, security keys or other sensitive information. I say could be but there is already proof of concepts out there called ‘Meltdown’ and ‘Spectre’.
Google’s ‘Project Zero’ team discovered the flaws a while ago but it was only announced this week.
INTEL is working with all providers to provide patches and updates (But worth noting that there are some drawbacks expected as more than one fix going to be required.) Your virus software cannot really detect this vulnerability yet and you can’t really detect it either. There are no known exploits in the wild but this won’t take long in my opinion.
INTEL believes these issues will not have a big difference to their share price as the vulnerabilities are hard to exploit, and it probably won’t in the long term but it did have an impact when they initially announced the issues.
Here are two videos explaining the issues:
What Are Meltdown and Spectre?
Meltdown refers to the normal security boundaries in place that simply gets melted away with this vulnerability. Spectre refers to a very specific and technical feature in INTEL chip sets (and others) that try to predict what’s going to happen on the fly (speculative execution), when this works you have a great and fast experience. So this vulnerability will not be easy to fix and will haunt all of us for a long time (I believe a reference to the James Bond film Spectre)
How will this affect me?
This could affect you in a few ways and some systems are more sensitive than others.
If you have CMI’s VITA agent on your desktops you will get these patches as soon as they are released for your devices. If you don’t please contact us immediately to discuss your options. Some other items to consider are listed below:
1. Make sure you have a system in place to patch your machines
2. Make sure home workers or visitors on your networks patch their systems
3. Confirm with your cloud provider they have a plan to address this vulnerability
4. Review older hardware as they may have performance issues after being patched
5. Advise your users to be extra vigilant on clicking links from emails and untrusted sources, educate them.
If you want to know more information or would like a scan of your devices to discover how many could be affected please contact us – firstname.lastname@example.org
Other reference material
NB – ALL INFORMATION IS CORRECT AND UP TO DATE AT TIME OF POSTING.