Meltdown and Spectre vulnerabilities – the essentials
By Edmond Egan
2018-01-09
As you may be aware by now, a pair of flaws, codenamed “Meltdown” and “Spectre”, have recently been discovered in the design of almost every central processing unit (CPU) chip in use today. In the interests of keeping you, our customers, informed of security issues that might affect you, we’ve put together this short guide to cover the essentials in as simple and jargon free a manner as possible.
What are Meltdown and Spectre?
Meltdown and Spectre are the codenames given to a pair of vulnerabilities which were recently discovered in the design of CPU microchips. These vulnerabilities allow malicious computing processes to access normally protected memory, including potentially sensitive information such as passwords, for example.
Meltdown is the simpler of the two vulnerabilities to exploit, but is also much easier to protect against. Spectre is more complicated and not as easy to detect and protect against, but also more difficult for malware to exploit.
What devices are at risk?
With a few exceptions, just about every computing device that uses a CPU made since 2005 is potentially at risk. This includes desktop PCs and laptops running Windows and Linux, Apple Macs, Macbooks, iPads, Android tablets and mobile phones, servers and many other devices.
Are VeryPC products affected?
Yes. All computers with modern processors are affected, regardless of brand. We are in communication with our partners, such as Microsoft and Intel to ensure that we have the most up to date information and can offer the best advice to our customers.
What is being done to fix this?
Microsoft have already released a patch for Windows 10 which protects against the Meltdown vulnerability. Other operating systems such as Linux, macOS, iOS and Android have been/are being updated to protect against Meltdown exploits. Anti-virus software is being updated to be compatible with the fixes. Meltdown is not expected to be a problem for more than a few days or so.
Spectre is less likely to have a universal fix in place anytime soon, as fixes are required at many levels. Application, operating system and BIOS updates will be required to protect against the Spectre vulnerability, and these will be rolling out over the next few days, weeks and months.
What can I do?
Make sure that you follow the appropriate guidance from your hardware / software vendors and deploy the appropriate security and firmware updates to your hardware and applications. These updates will protect against the Meltdown exploit and minimise your risk of being affected by Spectre.
Further ways you can protect yourself are by using additional layers of digital security to detect, block and prevent malware from finding its way onto your computer.
VeryPC Warranty Customers
If you are concerned about the vulnerability of your VeryPC hardware, please feel free to raise a case with our services team by emailing warranty@very-pc.co.uk and we’ll be happy to advise.
VeryPC Managed Support Customers
If you are a VeryPC Managed Support customer, our support technicians are currently testing and deploying the required security and firmware updates to your devices in line with our standard maintenance schedules to ensure that your devices are protected as well as possible.
We will be contacting individual customers who are using older hardware, where BIOS or security updates are not available from the manufacturer, to discuss other ways to resolve these issues.
Edmond Egan
Technical Solutions Manager
