Spectre, Meltdown bug impacts nearly every computing device (Yes, even yours)

Written on Jan 18, 2018

By Molly Ryan Kowaleski, content & community manager

Almost all systems utilizing Intel, AMD and ARM chips, including PCs, Linux devices, Apple iPads and iPhones, Macs, Android phones and most other mobile devices, could be impacted by the recently discovered vulnerabilities, Spectre and Meltdown.

But don’t panic just yet: updated security patches are being released by affected vendors. According to David Reedy, senior consultant at CyberRisk Management, the most important thing companies and individuals should do is apply new software updates when available. The issues are a few of several vulnerabilities that continue to be identified and remediated.

“To put this in context, we receive a weekly report which identifies new vulnerabilities and, on average, there are between 75 and 100 each month,” he explained.

Fortunately, no one has exploited these vulnerabilities yet, but they are undoubtedly working on it, Reedy said.

“Although these vulnerabilities are hardware-based, I am not aware of anyone recommending a rush to install new hardware, yet,” he said. “I would advise applying all appropriate software updates to browsers and other related applications and monitoring the status of processor firmware updates.”

Intel was expected to release updates in mid-January to further limit the vulnerabilities at the chip firmware level, so Reedy recommends waiting until then to more clearly see how your device will be affected.

While patching the vulnerability is recommended, one unexpected downside to doing so is that you might experience a serious slowdown in processing speed. You can then either live with that slowdown or replace the hardware, which could get expensive quickly.

“All organizations need to work with their IT staff to assess the impact of these vulnerabilities on their systems and to implement tests of patch updates to evaluate any unacceptable performance impacts,” said Reedy.

He also recommends implementing a formal vulnerability management program to identify new vulnerabilities on an ongoing basis and to make sure they have an appropriate patch management process in place, as well as other recommended components.

Since malware will likely be used to exploit this vulnerability, Reedy advises users to beware of fake Meltdown or Spectre patch emails. These may be phishing scams that will cause more damage.

He recommends new security awareness training along with updated policies, which you can read about here, to protect your organization from these types of attacks.

CyberRisk Management helps companies address these issues and align IT support/controls with overall risk management policy and governance. They provide security risk assessments and annual security risk management plans, as well as security training programs and assistance with written information security policies. To learn more, contact them at info@cyber-riskmgt.com.
