Meltdown and Spectre

It’s not just computers you need to be worried about…this issue affects the security of a large number of devices.

If you haven’t already heard over the last week, there are two critical vulnerabilities in the microprocessors of most of the worlds computers (this includes your mobiles, tablets and most network attached devices) which go back a number of years.

These vulnerabilities allow an attacker to access the contents of a devices memory to read information stored there, this can include passwords. Note that on routers and switches etc. the vulnerability exists but is nigh on impossible to exploit.

Most vendors have been quick to respond to these threats, Meltdown is pretty much mitigated now by updating OS’s and Anti Virus products. ESET was one of the first security vendors to do this.

Spectre on the other hand is more complicated to fix but also more complicated to exploit thankfully.

There is no known malware at present exploiting these vulnerabilities though thats not so say they aren’t being worked on.

Meltdown for instance has been proven in a concept – See Michael Schwartz on Twitter https://twitter.com/misc0110/status/948706387491786752

Microsoft have released an update to mitigate the exploits but it comes at a cost, computer performance. It’s expected there can be anything upto a 30% performance increase after applying this update, though this is more likely for processor intensive applications like databases and video editing.

This is a small price to pay for security.

Note, computers used for day to day office and email/browsing tasks are unlikely to see much of a difference.

Our current advice is to make sure your anti virus software supports the OS updates, update your anti virus and then update your OS.

We recommend ESET not just because it was one of the first to mitigate this threat but it’s consistently one of the best endpoint security products available.

If you have any questions or concerns about your business security, get in touch and we can advise you on anything IT related that you need.

SBS IT are an IT Managed Service Provider and consultancy based in Croydon, covering London and the rest of the UK.