Microsoft, Linux, Google, and Apple started rolling out patches addressing design flaws in processor chips that security researchers named Meltdown and Spectre.
What are Meltdown and Spectre?
Meltdown can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS). Meltdown affects Intel processors.
Spectre can allow attackers to steal information from the memory of running programs, such as credentials (passwords, login keys, etc.). Spectre reportedly affects processors from Intel, Advanced Micro Devices (AMD), and Advanced RISC Machine (ARM).
What is the impact?
Intel processors built since 1995 are reportedly affected by Meltdown, while Spectre affects devices running on Intel, AMD, and ARM processors. The potential impact is far-reaching: Desktops, laptops, and smartphones running on vulnerable processors may be exposed to unauthorized access and information theft. Cloud-computing, virtual environments, multi-userservers-also used in data centers and enterprise environments running these processors are also impacted. While these exploits exist, Intel and Google reported they have not yet seen attacks actively exploiting these vulnerabilities so far.
Is there a fix?
Microsoft issued a security bulletin ahead of their monthly patch cycle to address these vulnerabilities in Windows 10. Updates/fixes for Windows 7 and 8 have also been deployed as of January 9th. Microsoft and Google vulnerability patches are executed on ScottTech development systems as each releases their patches. The Microsoft and Google companies are presently working to fix any vulnerabilities identified. ScottTech, a Microsoft Silver Competency Partner, will continue to enhance and streamline its products to operate in whatever the current Microsoft//Google levels are.
Email reports of issues with ScottTech software after running any Microsoft or Google updates to <a href=”email@example.com”>firstname.lastname@example.org</a>. A support ticket is automatically created upon receipt of your email.
Meltdown and Spectre Intel Processor Vulnerabilities (this is a pdf)