Researchers revealed last week there is a design flaw within most computer processing units (CPUs) that can be exploited (but there’s no indication anyone actually has…yet) by nefarious parties. The first vulnerability is called MELTDOWN affecting most Intel and some ARM processors by “melting” security boundaries between applications and operating systems (e.g., Microsoft Windows, Apple OSX and iOS Linux, etc.); SPECTRE is a second concern that affects AMD, Intel, Qualcomm, and ARM processors by breaking the isolation mechanisms tasked with separating different applications.
NPS is actively keeping current with the most recent research on these two worldwide challenges and planning appropriate measures to protect business systems. Nearly every computer, laptop, mobile device, cloud system, and server are affected; top possible targets may be through web browsers like Google Chrome, Microsoft Internet Explorer and Edge, Apple Safari, and Mozilla Firefox.
Presently, we recommend patching your personal equipment as thoroughly as possible UNLESS YOU HAVE AN AMD PROCESSOR (Microsoft’s initial patch for Spectre bricks some AMD computers). Anti-virus products presently do not offer a defense against anything that may exploit these vulnerabilities and have to go through some updates of their own. When reports first came out, researchers warned patched systems could degrade system performance up to 30%, but latest analysis by Google, Microsoft Azure, and Amazon have not corroborated this initial concern as they patch their cloud offerings.
- Internet Explorer/Edge have patches available now
- Chrome 64 will be released January 23rd and will include protections from Meltdown and Spectre
- Mozilla Firefox 57 offers a “partial, short-term mitigation” for these vulnerabilities
- Apple Safari does not have an update as of this writing, but expect to see it available soon for both macOS (computers) and iOS (iPhone/iPads) versions of the browser
- Android users of Pixel or Nexus devices can expect patches sometime this month
NPS will be tracking this development and posting updates regularly. If you have any questions, please let us know.