- Performing disciplined patching of everything that we have control over. This includes any Windows or Mac device that we have a TechCare agent installed on.
- Monitoring the industry news daily regarding the flaws and risks associated with them.
- Advising and taking appropriate action in a businesslike manner on future updates that will be needed.
Here is what YOU need to do:
- Patch everything that you have control over. This includes the operating system on your mobile phones, tablets, and home PCs/Macs.
Why this is important:
- Both the Meltdown and Spectre security flaws are the most widespread and troubling flaws ever found in computer systems. They affect nearly every modern CPU that has been manufactured in the past 20 years. Operating system manufacturers have released or are in the process of releasing patches to help mitigate the risk of the flaws, but the CPU manufacturers (chip makers Intel, AMD, ARM) ultimately need to fix the flaws.
- There are currently no known exploits for either of these flaws, but that will not remain the case. Spectre has an exploitability score of 1.1 out of 10, but based on the history of these types of flaws, it won’t take long for that to change. There are lots of highly motivated threat actors looking for ways to steal our data based on these flaws.
- We need to be vigilant and ensure that we understand what it takes to patch these flaws on every device that we have direct control over. If the flaw goes unpatched on any device, it will present a point of entry for future attackers. When I refer to device, think: anything that has a microprocessor in it.
What we know today:
- This is a major disruption for computer users worldwide.
- Meltdown and Spectre are two different things, but since they were disclosed by security researchers at the same time, they are being discussed and fixed together. The worldwide strategy for fixing them is disciplined patching.
- The flaws affect almost everything with a microprocessor in it, including the phone or computer you are reading this on.
- Because both flaws are hardware level (CPU) flaws, operating systems manufactured by Microsoft, Apple, Google, as well as open-source operating systems are all affected.
- Microsoft has released a patch for all supported operating systems to mitigate the risk. It is being deployed to Providence managed computers on Tuesday, Jan 16th. The patch may cause problems with some older hardware.
- Apple has also released an update to the Mac OS, and phone/tablet OS (iOS v 11.2.2).
- The Microsoft update breaks antivirus programs, so antivirus manufacturers need to update their software before the Microsoft update will install. TechCare managed PCs use a version of Symantec Endpoint Protection that has been made compatible with the Microsoft patch.
- There are known performance degradation issues with the Windows update on some CPUs, especially older systems running Windows 7 or 8 (your mileage may vary).
- We can get through it together, but need to understand that the patches that were released by Apple, Microsoft and others do not fix every issue with these flaws. The chip makers will provide firmware updates at a future date. When those are released, more disciplined patching will be needed!
Should you have any questions or concerns, please reach out to us at 517-679-3302, or email Jeff@MakingTechEasy.com