Security Advisory: Meltdown/Spectre
There has been much recent media coverage in relation to security vulnerabilities dubbed, ‘Meltdown’ and ‘Spectre’. These security vulnerabilities can exploit microprocessors, the ‘brain’ of a computer or mobile device. The vulnerabilities are also agnostic to the device manufacturer or which operating system it operates with.
Normally microprocessors employ a range of functions to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these functions to be exploited, which could lead to obtaining information about areas of microprocessor memory not normally visible.
The resulting impact of this means what would have normally been difficult for an attacker, such as recovering passwords, are theoretically easier. It must be noted, however, an attacker would still need to use malware (a malicious program) on a device to steal this data. It is important to note that no known exploits have been developed yet but are theoretically possible.
Although updates are already being distributed for these vulnerabilities by manufacturers, they often will come with a potential impact to system performance. Some devices, especially older PCs may show a noticeable slowdown in their speed.
C5 advise to install updates to all your device operating systems and applications, such as web browsers and office productivity software as soon as they become available. We advise that automatic updates are enabled so that future security measures are installed immediately, and to look out for further updates that have not already been released.
Windows users should note that you may need to update antivirus products before you can successfully install the Windows update that addresses these vulnerabilities.
Additionally, C5 recommend good security hygiene practices to prevent malware infections including; regular system updates, having up to date anti-virus software installed, taking backups of your files, never downloading any software you don’t explicitly trust and keeping to reputable websites. The Cyber Essentials scheme provides a set of good descriptive security controls in this area for businesses who want to meet a good security posture than will minimise their risk, C5 can help businesses attain this standard.
To chat with our team about how your business can implement Cyber Essentials, perform a security review or implement security solutions, please contact Jonathan Fry.