Meltdown and Spectre: Cybersecurity Vulnerabilities

January 12, 2018 2:05 pm

Computer security experts have recently discovered two major cybersecurity flaws in the microprocessors inside nearly all of the world’s computers including Windows, Linux, Android, and Apple devices. The two security flaws, called Spectre and Meltdown, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers. The Spectre and Meltdown vulnerabilities fall into the category of “low probability, but very high impact” exploits. There are no known current exploits of these flaws though it is likely only a matter of time.

We consider the Meltdown flaw enough of a risk that we will be applying patches from our vendors as they become available to us. Prior to applying patches, we are thoroughly testing for any adverse impact on either the performance or stability of computers as reported by first adopters of the patches. If you use a Partners standard Windows laptop or desktop (has Partners applications menu and screensaver), please keep your device connected to the Partners network or VPN over the next week to receive the updates.

There are multiple reports that the patches can impact system performance and compatibility. Due care should be taken to test changes, including consultations with vendors, to prevent any negative impact from the patches.

IT System Administrators are advised to test any patches prior to deployment. Testing should begin immediately.

For your mobile devices, and any non-standard or personally-owned devices for Partners' business, it is your responsibility to keep your device and software up-to-date. Here are patching and compatibility recommendations:

  • Several cloud vendors are already patching their systems aggressively, users of cloud infrastructure (AWS, Azure, Google etc) may still need to apply operating system patches
  • Patches have already been released for Microsoft Windows 10Apple macOS, and Linux to patch the Meltdown vulnerability. Microsoft will release patches for legacy operating systems next week.
  • Work is underway to develop a patch for Spectre. It is reportedly more difficult to patch but also more difficult to exploit.
  • Trend Micro Antivirus is still testing compatibility and has released a knowledge-base article with the status of their products and some steps to prepare for patching. See how to install Trend Micro Antivirus on Mac OS, Windows Computer, Linux Servers and Windows Servers.

If you have any questions, please contact the IS Service Desk.