This week, a major announcement about two chip flaws—called Meltdown and Spectre—made headlines that have the potential to impact billions of devices around the world. The flaws exist in what is regarded as the “brain” of devices.
According to a CNN article, researchers are saying that “almost every computing system—desktops, laptops, smartphones, and cloud servers—is affected by the Spectre bug. Meltdown appears to be specific to Intel (INTC) chips.”
What does this mean to you? These flaws give the potential for hackers to view sensitive data stored in the privileged memory of your device. Think information like passwords and credentials, among other sensitive data, in the hands of attackers.
At Carousel, we’ve been fielding several questions from clients about this issue and how they can best protect themselves (and their sensitive data). We’ve compiled a Q&A of some of the most pressing questions…
Have questions about improving your security program? Well-versed in every layer of security, our experts will evaluate, recommend and deploy the latest next-gen security. Click to learn more.
What are the Meltdown and Spectre flaws?
Meltdown and Spectre are hardware vulnerabilities that allow an attacker running unprivileged code to read from privileged memory. For example, it could permit a user-mode program to read entire kernel memory. Cybercriminals could use this as part of a privilege escalation attack or, in some cases, it can be used for remote exploits. Malware that aims to leverage this vulnerability would first need to gain access to the host and execute like any other malware.
How can the flaws be exploited by cybercriminals?
These vulnerabilities can be leveraged by cybercriminals to read privileged memory, for example, leveraging the vulnerability as part of a privilege escalation exploit in order to take over the affected systems. Spectre can also be leveraged as part of remote exploitation scenario, for example, an attacker can use Spectre in combination with other known vulnerabilities to remotely read/harvest any information being accessed at that point-in-time (like passwords, usernames, sensitive information).
Ready to explore next-gen security or managed services to help stay ahead of threats? Learn more.
What systems are impacted by Meltdown and Spectre?
The Meltdown vulnerability is strictly a vulnerability for Intel Processors. The Spectre vulnerability affects all server, workstation, and mobile devices, as well as operating systems like Windows, macOS, and Linux. Spectre was shown to work on Intel AMD and ARM processors.
Are there implications to patching Meltdown and Spectre?
The OS, browser, and antivirus software patches that have been released to date help mitigate the attackers’ capability to read privileged data from the operating system memory. It is expected that firmware updates will also be made available from chip manufacturers. Please note that it has also been found that the Microsoft patches are not fully compatible with antivirus applications, causing patch deployment failures or “blue screen of death”. Antivirus compatibility should be reviewed.
Will antivirus or malware protection help with Meltdown and Spectre vulnerabilities?
Endpoint protection will not defend against Meltdown and Spectre vulnerabilities explicitly, but may detect and stop malware attempting to exploit these vulnerabilities.
Which types of defenses can I use against the effects of Meltdown and Spectra flaws?
Organizations can do the following to protect against these vulnerabilities:
Gain insight into the most effective next-generation security solutions here.
Announcements
Our teams across the country have been supporting their communities in innovative ways. From volunteer events to charity golf tournaments — we have a roundup of how NWN Carousel employees are making an impact. Our expectations have significantly changed. COVID-19 compelled many of us to reconsider what’s important in our lives. This has led to […]
10.19.2021
Announcements
NWN Carousel is thrilled to be among the top 30 small-to-mid-sized companies in the country to be recognized by Comparably for 2021 Work-Life Balance! The awards are selected based on employee opinion in nearly 20 core culture categories. We ranked #28 on this year’s list. At NWN Carousel, we pride ourselves as being a culture that […]
10.13.2021
Announcements
As you plan your return to the office, focus on these factors to maximize productivity and collaboration, while facilitating a sustainable work-life balance. As organizations begin implementing various models of hybrid working, employees need improved strategies to navigate this change. The always-on nature of our interconnected world led to blurred lines between our work and […]
6.28.2021
Announcements
In an earlier post we looked at typical headcount costs and other expenditures to build and maintain the full scope of cybersecurity capabilities in-house. Those figures often put a completely internal team out of reach, but the good news is that a strong cybersecurity strategy doesn’t need to be an all-or-nothing effort. Here we’ll explore […]
5.27.2021
