Meltdown and Spectre Vulnerabilities


On Jan 3, 2018, a group of security researchers disclosed new security vulnerabilities that affect most CPU’s that are found in computers, tablets, smart phones and Internet connected devices such as smart washing machines. These vulnerabilities are called Meldown and Spectre.  Neither has been proven to be able to delete or alter data, although in theory, a compromised device could allow some data to be read, which might include passwords. There have not been any known instances of any malware that exists that could be used to exploit these vulnerabilities as of this date. 

Intel is downplaying the severity of the issues while others are claiming the risk is huge. Sound confusing? No kidding. 

What Could Happen

In order for the malicious code to gain access to the CPU, the computer or device must first be compromised by malware, which is typically injected when users click on Phishing links found in email or browse to infected websites. Microsoft did rush to release some patches that block access to the CPU but almost immediately users complained of blue screen failures and conflicts with some applications, leading Microsoft to restrict which computers will receive these patches. Microsoft has advised that the patches will change the way Windows talks to the CPU and that all devices will suffer some level of a performance hit. It is expected that server performance will be the most seriously impacted. 

We have confirmed that SonicWall firewalls are not affected by these issues based on the CPU’s they use and the way their operating system works, so BSC’s clients with SonicWall firewalls at least know they are not vulnerable to anonymous attacks via the Internet on their firewalls. 

What to do next? 

BSC Supported Equipment: BSC will continue to monitor multiple sources and will propose different actions for different clients, depending on their hardware and software in use. 

Smart Phones: You should receive prompts to update your phone and should approve and apply these updates as soon as possible. 

Personal Computers: Ensure your anti-virus software is running a current version and is up to date. Then apply all Windows Updates to your computer. 

This is not going to be a quick fix as so many different types of equipment are affected. Some will never get patched and we will have to live with the risk until the equipment is replaced at some point in the future. 

Be vigilant in spotting phishing email and avoid websites you are not familiar with. If you are viewing email on your phone and are uncertain about a link, wait to view the link on a computer. Hover over the link to verify the true path and that it is legitimate, before clicking on it. 

Let us know if you have any questions or concerns or would like additional clarification. 

Now, more than ever, employee IT security awareness training is a critical component to keeping your data and computer network as secure as possible.  Contact us to learn about our affordable, award-winning education program. 

January 12, 2018 7:46:21 PM


Leave a Reply

Your email address will not be published. Required fields are marked *



Getting your computer network, phones and software applications to work shouldn’t be a monumental project;
yet we constantly hear from frustrated organizations like yours who call us when they’ve finally
had enough of the poor services and excuses from their current IT support firm.

Our offer of a FREE Service ticket is a no-risk way of introducing our services.
Let us diagnose and work on the computer problem of your choice and
find out what over 25 years of service excellence feels like.

Accepting this free offer in no way obligates you to do any further business with us but of course we hope you will!

1. Because our resources are not unlimited, the free service ticket will cover a maximum of 2 hours of remote support for 1 service issue.
2. Since customers who are the best fit for our services have a minimum of 10 computers, this free offer only applies to organizations of this size.
3. This offer applies only to organizations who are not already a customer of BSC Solutions Group.

Please fill out this form and a BSC Solutions Group “IT Guardian Angel”
will contact you within 24 hours.