Spectre Meltdown

Much has been made in the press around the Spectre and Meltdown bugs specific to the CPU in the past week. There is quite a bit of overblown sensationalist information floating around regarding these and other exploits, so we thought it important to briefly discuss how this may affect current and future PC purchases.

These bugs are only viable under certain circumstances within specific environments.  To be clear, neither of these exploits are hardware flaws – they are exploits in attempts to read theoretically protected memory.  This does not mean that anyone can read your hard drive or other areas outside of the memory space.

Additionally, this is *not* a remote exploit and has to be run locally on the machine or through a malicious application. In fact, for these exploits to work, there are very specific circumstances involved, including a deep understanding of the relationships between variable data locations, and the actual content of the data.

The exploits do not allow for a takeover or modification to the machine, or the operating system, and as such is not malware, nor does it present itself as such. From the hacking standpoint, there is next to no risk to the end-user, or smaller computer areas, due to the amount of time, effort and necessity for local access.

For full protection, there are multiple operating system patches available that directly address this issue; however, please note that on AMD based systems, there are deeper issues and the patch could cause deep instability.  If you are on an Intel based system, we suggest you install the following patches:

Please be aware, that the patches are specific to Windows 10, and Microsoft is considering instituting a patch for Windows 7, but since it is end of life, they have not yet made the decision to do so.

There will likely be firmware updates to the BIOS soon to further mitigate the theoretical threat, but until that point, the Microsoft series of patches have shown to be very effective. If/when a firmware or BIOS update is available, we will update this article with that information. We are working with our board manufacturer partners to ensure proper testing is conducted before rolling out those updates.

The following two tabs change content below.

Robert Rife

Robert Rife is Chief Engineer at Velocity Micro. A twenty-five year I.T. veteran with deep experience in process optimization, computer manufacturing, and physical/electronic security, Robert understands financial ramifications of technical decisions and is able to readily translate business needs to technology solutions. Since originally joining Velocity Micro in 2006, has held multiple positions ranging from desktop support to production and on to advanced engineering. Robert holds many degrees including an MBA specializing in IT Management, Masters of Science in Information Security Assurance, and a Masters of Education in Curriculum Design. He is currently in his third year of a Doctorate of Science program focusing on Information Security. He also holds over 50 industry certifications and was awarded an Information Security Professional and Management certificate from the Committee on National Security Systems.

Latest posts by Robert Rife (see all)

2 thoughts on “Spectre and Meltdown Exploits – How are you affected?

  • January 11, 2018 at 1:09 pm
    Permalink

    It seems the term “exploit” is being used as a synonym for “bug” or “flaw”. This is not correct. An exploit of Spectre or Meltdown would mean bad actors are taking advantage of the flaw. While there are reports of proof-of-concept exploits, malicious code attacking the vulnerability is anticipated and is what has many tense about.

    Reply
  • January 12, 2018 at 3:58 pm
    Permalink

    Thanks for the clarification. Helps to have the threats put in perspective.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

five × 3 =