The latest in technological news presents two new security vulnerabilities affecting a wide range of computer systems. Both the Meltdown and Spectre vulnerabilities are a hardware issue and exploit the way that certain processors operate.
The Meltdown Security Vulnerability
The Meltdown security vulnerability affects various microprocessors, as well as impacting some cloud services and smart mobile devices. The Meltdown security vulnerability essentially breaks through a security process, giving a rogue process permissions to access all memory, with or without authorization, and it goes undetected when executed. Microsoft issued emergency security updates for Windows 7, 8.1 and 10 on January 3, 2018.
The Spectre Security Vulnerability
Virtually all CPU systems are vulnerable to the Spectre security vulnerability. Spectre takes advantage of a feature that most modern processors use called “branch prediction.”
Branch prediction attempts to predict which commands are most likely to be used by a program which it lines up into the “pipeline”, prior to final execution, as a way to speed up a system’s performance. When a prediction isn’t executed, it creates a sort of side channel through which an attacker could potentially use a timing attack to access and extract sensitive information.
Spectre represents an entire class of vulnerabilities which translates to several patches being needed to address the issues. Addressing Spectre isn’t a simple process and may take more time to address. Some protective procedures have already been implemented but may slow processor efficiency by as much as 2-14%.
Best Way to Protect Your Sensitive Data
While running updates is a temporary nuisance, it becomes painfully obvious for the need to immediately install them when issues such as the Meltdown and Spectre security vulnerabilities surface. If you don’t have your updates set to automatically download and install, you should strongly consider using this feature. An antivirus is also a must-have.
For help protecting your small- to medium-sized business network, contact CCSI today.