By now you may have heard about two computer vulnerabilities nicknamed ‘Meltdown’ and ‘Spectre’. These are caused by a physical vulnerability in the processor chips installed in every modern computer for the last 10 years. Both manufacturers Intel and AMD are affected.
This vulnerability allows an attacker to view information they shouldn’t be able to. For example, they could see a password as you type it in real time.
Unfortunately, the only way to truly fix the problem is to replace the physical processor in the computer. Software vendors are scrambling to patch Windows, Linux and Mac operating systems to provide some level of mitigation, but this will only mitigate the issue, not resolve it.
The Roland Schorr team will be installing mitigation patches as they become available for our clients. These patches require two updates, one to the operating system and one to firmware of the processor (called a microcode update).
- Mitigation patches are being provided for Windows 7 SP1, 8.1, 10 and Windows Server 2008 R2, 2012 R2, 2016
- At this time Microsoft has indicated they will not provide updates for older operating systems (Windows XP, 7 RTM, 8.0, Vista, Windows Server 2008 and Windows Server 2012).
All vendors, including cloud providers like Amazon (AWS), Google and Microsoft (Azure) are significantly impacted by this. Applying the security patches will require a reboot of all machines including cloud servers. Expect your favorite cloud-based applications to become unavailable for short periods of time over the next few weeks. In addition, early reports indicate that these patches may cause some performance impact. How much depends on the applications you’re running and how they interact with the processor. Please notify us of any noticeable system slowness so we can document which systems need to be replaced.