Beware of Meltdown Computer Vulnerability

Chris EdwardsBy Chris Edwards
Manager, IT Services

A critical new vulnerability in computer systems has been revealed that could pose a significant threat at any person or organization that wants to safeguard its private information. Called Meltdown, it’s the hottest topic right now in information technology circles.

Meltdown lets an attacker access any information in your computer’s memory, including passwords, financial data and anything else you’ve accessed or used on your computer. It is severe, and it can be executed remotely. This vulnerability may also affect some smartphones and tablets.

Meltdown is not a virus, but a vulnerability in the processing chips made by Intel after 1995, which are used in many computers running the Microsoft, Apple or Linux operating systems, as well as some mobile devices.

Without getting too deep into the technical weeds, Meltdown breaks down modes and processes running on the same device, allowing a rogue process (possibly triggered by a website) to access memory it shouldn’t be able to. A similar but less severe vulnerability called Spectre was revealed around the same time, but it is much more difficult to perform.

The major operating systems are all working furiously on patches to address the Meltdown and Spectre vulnerabilities, and should be available soon. Look for an alert with instructions from your company’s internal IT team or contractor about how to install this important patch.

The downside is that fixing this vulnerability will significantly reduce the performance of the computer. You can expect anywhere from a 10% to a 30% performance reduction, based on current estimates.

Google discovered these vulnerabilities six months ago, and notified the manufacturers and operating system creators. AMD processors are not affected by this particular vulnerability. Some ARM processors are affected, but most are not.

If your Android device has the latest security patches, it should already be protected, but Android phone manufacturers often do not issue updates in a timely manner. Apple iPhones and iPads use their own processors, and are not listed on the vulnerability list.

In the meantime before the patches are released, remain extra vigilant about clicking on strange links or opening unfamiliar files. To execute Meltdown, someone has to be able to run a program on your computer, generally through some other vulnerability.

Keep running ad-block software in your web browsers, or install it if you don’t already have it. And don’t visit websites that ask you to turn it off. Be wary of all files sent to you via email, including through ShareFile or similar file transmission services.

If you need to consult with an information technology expert about the vulnerability of your organization’s systems, please call Chris Edwards at (317) 613-7855 or email cedwards@sponselcpagroup.com.

Comments are closed.

Popular Tags