Security Vulnerabilities – Meltdown and Spectre

With all the security vulnerabilities coming to light in the recent months we decided to discuss two massive security vulnerabilities in all computers.  Meltdown and Spectre exist in the CPU hardware itself, windows, Linux, Android, macOS, iOS, Chromebooks and other operating systems. These two vulnerabilities are hardware based in modern CPUs and are forcing a redesign of the kernel software in all major operating systems.  Patching the vulnerability can negatively affect your PC’s performance.

What does Meldown and Spectre affect, and How can you protect your data?

Meltdown and Spectre let attackers access protected information in your PC’s kernel memory, potentially revealing sensitive information like passwords, photos, email, and anything else you’ve used on your computer. These are serious flaws. As soon as these flaws were discovered, CPU and operating system vendors pushed out patches fast.  If you have automatic updates turned on, the patches have already been applied to your computer. However, this isn’t a quick fix and your done type of vulnerability. They’re two very different CPU flaws that touch every part of your operating system, from hardware to software.

Here’s a step-by-step checklist, followed by the full process.

•         Update your operating system
•         Check for firmware updates
•         Update your browser
•         Update other software
•         Keep your antivirus active

First, and most important: Update your operating system ASAP. It’s an issue with the hardware itself, but the major operating system makers have rolled out updates that protect against the Meltdown and Spectre CPU flaws.

Microsoft pushed out an emergency Windows patch late in the day on January 3. If it didn’t automatically update your PC, head to Start > Settings > Update & Security > Windows Update,

A new window will open telling you if your system needs updating or if your system is up to date.

Microsoft pushed out an emergency Windows patch late in the day on January 3. If it didn’t automatically update your PC, head to Start > Settings > Update & Security > Windows Update, then click the Check now button under “Update status

Apple quietly worked Meltdown protections into macOS High Sierra 10.13.2, which released in December. If your Mac doesn’t automatically apply updates, force it by going into the App Store’s Update tab. Chromebooks should have already updated to Chrome OS 63 in December. It contains mitigations against the CPU flaws. Patches are also available for the Linux kernel.

You also need to install CPU microcode/firmware fixes to protect against one of the Spectre variants, which can’t be fixed by operating system patches alone. Intel released firmware updates for most of its processors released in the past five years—but the “fix” could cause reboots and instability. Please be sure to backup all data before proceeding. Also, please be advised the operating system and CPU firmware patch combo will slow down your PC.  Intel expects the impact to be small for most consumer applications.

AMD will release CPU firmware updates. However, you may want to wait until AMD’s microcode update is tested and benchmark before deciding whether or not to apply it to your system.  

Getting firmware updates can be difficult because firmware updates aren’t issued directly from Intel and AMD. They are released by the company that made your laptop, PC, or motherboard—such as Dell, HP, Acer etc. Most computers and laptops have a sticker with model details somewhere on their exterior. Find that, then search for the support or downloads page for your PC’s model number.

Update your browser

You also need to protect against Spectre, which tricks software into accessing your protected kernel memory. Intel, AMD, and ARM chips are vulnerable to Spectre to some degree. Software applications need to be updated to protect against Spectre. The major PC web browsers have all issued updates as a first line of defense against nefarious websites seeking to exploit the CPU flaw with Javascript. Make sure your browsers are up to date.

Install all updates

Apply all newly available software updates in the coming weeks, especially if it’s somehow tied to hardware. If your printer, SSD, or system monitoring software pushes out an update, install it.

Here is a video that explains Spectre and Meltdown https://www.youtube.com/watch?v=syAdX44pokES

Stay Safe,

Megabite