A A Email Print Share

Critical Spectre and Meltdown Vulnerabilities

New security vulnerabilities were announced on 1/3/2018 that affect computer processors on virtually all modern computers and mobile devices. They are referred to as Meltdown and Spectre.

What do they affect?

These hardware bugs allow programs to steal data which is currently processed on the computer. This includes secrets stored in memory such as passwords, encryption keys, photos, emails, and business-critical documents.

Meltdown is a flaw affecting laptops, desktop computers and internet servers with Intel chips, and allows hackers to steal data, including passwords that have been saved in Web browsers.

Spectre is a bug affecting chips in smartphones and tablets, as well as computer chips from Intel and Advanced Micro Devices Inc. and allows hackers to manipulate apps into leaking sensitive information. While Spectre has been branded less dangerous than Meltdown, it is expected to be more difficult to patch.

What can I do?

As always, CTS recommends that you remain up-to-date on all patches and hotfixes for any computer hardware and software, as vendor patches are meant to help combat common exploits and reduce the liklihood of future cyber-security incidents.

For help updating your Windows OS: https://support.microsoft.com/en-us/help/311047/how-to-keep-your-windows-computer-up-to-date

For help updating your Mac OS: https://support.apple.com/en-us/HT201541

For help updating your iOS device (iPad, iPhone, iPod): https://support.apple.com/en-us/HT204204

For help updating your Android OS: http://www.ubergizmo.com/how-to/update-android-os/

Additional Information:

NYTimes article detailing the flaws: https://www.nytimes.com/2018/01/03/business/computer-flaws.html

The official page of the vulnerabilities: https://meltdownattack.com/

Microsoft patches causing issues with certain processors: https://betanews.com/2018/01/08/microsoft-meltdown-spectre-patch-bricks-amd-pcs/

Microsoft pauses updates after consumer issues: https://www.washingtonpost.com/news/the-switch/wp/2018/01/09/microsoft-pauses-amd-updates-for-spectre-and-meltdown-after-consumer-issues/?utm_term=.329569f92c40

Google says their patches are causing little impact to their services: https://www.theverge.com/2018/1/4/16851132/meltdown-spectre-google-cpu-patch-performance-slowdown

More information will be forthcoming as it becomes available.

If you have questions, please contact the CTS Help Desk at help@duq.edu or by calling 412.396.4357 / Toll Free: 1.888.355.8226