The recently disclosed Meltdown and Spectre vulnerabilities negatively impact the security of virtually every computer in the world today. These vulnerabilities allow an attacker to gain control of a computer’s processor and steal data located on that computer. Organizations that store data in the cloud are particularly susceptible.
- The greatest area of risk is in shared-hosting scenarios. Fortunately, most cloud providers have already deployed security updates and those that haven’t are expected to do so shortly.
- What makes these vulnerabilities most notable from a risk assessment point of view is breadth of exposure. Since these potentially affect nearly every device with a modern processor, that means that full mitigation and remediation may not be possible. Older systems (like Windows XP) and devices (like older Android smartphones and IoT devices) will likely never receive fixes for these vulnerabilities.
- These vulnerabilities present a unique situation because they ultimately are hardware-based vulnerabilities. All three stem from issues in modern processors and are known to affect Intel and AMD chips.
- Because these affect processors, this means that the operating systems and applications that run on top of these processors are vulnerable.
- Because these vulnerabilities affect the processors at the physical layer, the only way for the vulnerabilities to be fully addressed is for the processors to be replaced or to have a firmware update.
- Until then, the makers of operating systems can (and have) released patches that make the physical-layer vulnerabilities inaccessible. For all intents and purposes, it “patches” the vulnerabilities.
ACE IT Solutions is taking the following actions in response to this event:
- Confirming with our shared-hosing providers that they’ve applied security updates to address these vulnerabilities.
- Ensuring that security updates are deployed to all our clients’ systems and devices as soon as they’re available.
- Advising clients to consider retiring outdated systems and devices that will not be updated as soon as possible.
- Encouraging all our clients to use comprehensive network and endpoint security that can help prevent attacks that seek to exploit these vulnerabilities.
As always, we will continue to watch this event closely and provide any updates that we can.
Find more technical details: https://meltdownattack.com/
Contact ACE IT Solutions at 646.558.5575 and we can help address any concerns you may have about the Meltdown and Spectre attacks.