Recent threats have surfaced known as ‘Spectre’ and ‘Meltdown.’ These vulnerabilities could exploit modern processors. We wanted to take a moment to share some important details of these vulnerabilities so that you can ensure that your business is not at risk.
Spectre and Meltdown are the names given to different variants of the same vulnerability. If exploited, these threats could result in a virus or malware being written to make changes to a system’s protected memory and therefore, access the core internal workings of Windows itself and, any data the system has access to. In less technical terms, this means that these vulnerabilities allow programs to steal data which is currently processed on the computer.
In order for these exploits to be fully utilized requires: (1) NO current antivirus software (2) Windows Data Execution Protection to be turned off.
The goods news is that patches for most desktops and mobile operating systems have already been issued. The most recent update to our antivirus program looks for and blocks many known attacks that could utilize the exploits noted above. Further, a Windows update has been pushed forward to prevent any practical use of Meltdown. Currently, our centralized services and project engineering teams are reviewing released bulletins and patches from our primary vendors and determining the best deployment strategy with the least potential performance impact to complete Spectre mitigation steps.
At this time, we are urging all employers to ensure that no one within your organization visits “untrustworthy” websites or run software that is not from a trusted vendor.