The Most Recent Vulnerability: Meltdown & Spectre

Surely have you heard something about the latest exploit/vulnerability that is freaking everyone out.  The ‘freak out’ is legitimate, as it affects nearly all computer processors from the past 10 years.  The two CPU hardware vulnerabilities, Meltdown & Spectre, allow one program to see what another program is doing when it’s not supposed to.  Programs run in protected memory and Meltdown and Spectre are ways to access this data, which can be a big deal when the program is storing user names, passwords, personal data, etc. 

These vulnerabilities affect operating systems (MacOS, Windows, Linux) as this is a hardware level vulnerability.  Intel is affected by both, whereas AMD and ARM are affected by Spectre.  Some good news, in light of these problems, is that Meltdown can be patched at the operating system level which Microsoft, Apple and Linux have already published.  Spectre can only be patched via a BIOS update, which is a huge undertaking as all OEM manufactures need to send BIOS updates for computers spanning nearly 10 years. 

Now I’m sure you are thinking, ‘This sounds complicated and surely I’m not at risk.’  To be honest, a simple malware attack delivered to you via web browser or email can take advantage of the Meltdown and Spectre vulnerabilities and access your personal data, passwords, and user names.  Are your systems up to date?  Heiden has a global patch policy for its customers, which makes it easy for us to push out updates.  Our Webroot solution has built in web guard and real-time inspection so it can help deter unwanted web programs from running.  If something looks suspicious, we are notified and we react accordingly.

This is a prime example of why it is best to keep your systems patched and up to date.  Heiden can offer such services and maintenance to relieve you of that headache.  Feel free to reach out to us for a free 30-day trial of our managed services at 989.607.9108.  The proof is in the pudding.

Leave a Comment

Your email address will not be published.