Protecting CT customers - what you need to know right now about Meltdown & Spectre

As you may have recently heard, serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processers designed by Intel, AMD and ARM. The flaws are named Meltdown and Spectre, and combined, they affect virtually every computer, smartphone, tablet and PC.
To get up to speed, CT recommends you have a read of the article from the BBC http://www.bbc.co.uk/news/technology-42564461 and the Verge which includes Microsoft’s official statement. https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix
We would like to take this opportunity to reassure all CT customers that we continue to provide the highest levels of data protection and security available and that all patches for Windows included within the contract will be automatically set to install as soon as they are released. The Firmware and VMware updates, however, require manual installation, and once released, CT customers will be advised and can request this installation.
We recommend to any business that the Microsoft, VMware and Apple security patches are installed as soon as they are released and that any Firmware updates released by hardware manufacturers are installed to provide you with the greatest levels of protection possible.
CT also requests that all customers remain vigilant and do no open e-mails or attachments from unknown sources and are cautious not to click any unknown web links. If in doubt do not open the file or click the link.
To provide a quick overview we have pulled out some key points for you below. Any questions, or if you have any concerns, please speak to your account manager in the first instance.
The vulnerability
There are two separate security flaws, known as Meltdown and Spectre. Meltdown affects laptops, desktops and servers with Intel and ARM Chips and Spectre affects all modern chips for example in Smartphones, tablets, computers and servers.
To date there has been no known exploits of the vulnerabilities. The risk is that now the vulnerability is known, it will begin to be exploited and should therefore be taken seriously – the Meltdown flaw is very easy to exploit.
The current impact is largely unknown but MS has suggested that it’s security patch may cause some slow down in the performance of their computer, smartphone or tablet in some instances.
The Risk
Both Spectre and Meltdown utilise the “speculative execution” which is central to most CPUs produced in the last 20 years, so all un-patched computers and servers should be considered at risk.
Workstations, mobile devices and remote desktop servers with the possibility of an end user inadvertently introducing an exploit (by downloading a malicious item or clicking a malicious link) are the principle risks.
The flaw would then allow the malware to then access data stored in the CPU cache that should be protected – such as passwords and other confidential information. The Meltdown flaw presents a greater threat as it can be exploited even by JavaScript on a webpage without the user downloading any software, simply visiting a compromised website could disclose sensitive information to a 3rd party.
What are the manufacturers doing?
This is fluid and more patches and firmware updates will be released over the coming months.
Microsoft is releasing security patches over the coming week – Windows 10 is already released.
Microsoft will not release patches for unsupported operating systems such as Windows XP and Server 2013 leaving these systems exposed. If you are still running one of these older versions we suggest you speak with your account manager about migration options available.
Apple is releasing a security patch for its most recent operating systems.
VMware has released a security update.
Many hardware manufacturers are releasing firmware updates to help address the issue.
- Recent Posts
- Congratulations to Lewis Briggs, CT’s Employee of the Month!
- CT Crowned Veeam's VSCP Partner of the Year
- Archives
- March
2018 - February
2018 - January
2018 - December
2017 - November
2017 - October
2017 - September
2017 - August
2017 - July
2017 - June
2017 - May
2017 - April
2017 - March
2017 - February
2017 - January
2017 - November
2016 - October
2016 - September
2016 - August
2016 - July
2016 - June
2016 - May
2016 - April
2016 - March
2016 - February
2016 - January
2016 - December
2015 - November
2015 - October
2015 - September
2015 - August
2015 - July
2015 - June
2015 - May
2015 - April
2015 - March
2015 - January
2015 - December
2014 - November
2014 - October
2014