Have you heard of Meltdown & Spectre?

Drew Laroche

As you may be aware, the United States Computer Emergency Readiness Team (US-CERT) released  a new vulnerability threat referred to as Meltdown & Spectre.  This high-impact vulnerability affects most users that have a modern computer and  has the potential to leak passwords, as well as sensitive data.

Threat Overview

Vulnerabilities in modern computers leak passwords and sensitive data.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

[/vc_column_text]

Overview of Meltdown:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Overview of Meltdown:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Impact to You

Am I affected by the vulnerability?
Most likely, yes.

Can I detect if someone has exploited Meltdown or Spectre against me?
Probably not. The exploitation does not leave any traces in traditional log files.

Can my antivirus detect or block this attack?
While possible in theory, this is unlikely in practice. Unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.

What can be leaked?
If your system is affected, the exploit can read the memory content of your computer. This may include passwords and sensitive data stored on the system.

Next Steps

We recommend that you reach out to our Service Desk for further assistance. Our Service Desk can implement the security patch to your devices to resolve the vulnerability.

Additionally, we offer Managed Service plans that mitigate and resolve these issues as they arise automatically for your organization. If you are interested in learning more about our Managed Services, please contact the Service Desk and we will get you connected with your Technical Account Manager.

Call our Service Desk Today

Reach out to our Service Desk for further assistance. Our Service Desk can implement the security patch to your devices to resolve the vulnerability.

302-645-7770, Option 1

Leave a Comment

Is Your Health Organization Prepared for a Cyber Attack?Why Every Business Needs a Backup Recovery Plan