What is the Meltdown and Spectre Vulnerability?
Last week researchers discovered the main chip in most modern computers (CPU) has a hardware vulnerability. It's a design flaw in the hardware that has been there for years. Attacks to this vulnerability has been nicknamed Meltdown and Spectre. This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation. The Meltdown flaw only affects Intel processors, and researchers have already released proof of concept code that could lead to attacks using Meltdown.
It is important to know that this security vulnerability requires local access, and cannot be executed by itself remotely. Meaning that this can only be executed by a device on the local network or that has remote access to the network and the devices.
Why should I be concerned?
Meltdown and Spectre affects almost every computer in the world, including your workstation, servers and cloud computers that serve your web applications and web sites. If hackers are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.
What can I do to stay secure?
Because this is a hardware bug, all operating systems will need to be patched whether it is Windows, Android or Apple. This includes the devices you use at home, meaning your laptop, desktop, tablet, smartphone and gaming systems could be affected. With regards to Microsoft Windows, to prevent a large number of issues, Microsoft has put a check into place to prevent the patches from being offered to any system that is running Antivirus software that has not passed the Microsoft compatibility check. YYCC recommends you keep checking for updated versions of your Operating System and Security software and be extra cautious on web sites and personal email. When in doubt, remember to keep your security top of mind and Think Before You Click.
What is YYCC doing in response to Meltdown and Spectre?
For all YeoCare Customers, YYCC is checking their antivirus to ensure they’re running the newest versions of software and virus definitions. After verifying the status of the antivirus, we are going to approve and push the patch from Microsoft to workstations.
Those who are not on YeoCare, you need to contact our helpdesk (firstname.lastname@example.org or 989.797.4075) to schedule a technician to assess you existing antivirus environment and determine the best next steps.