Much has been made in the press around the Spectre and Meltdown bugs specific to the CPU in the past week. There is quite a bit of overblown sensationalist information floating around regarding these and other exploits, so we thought it important to briefly discuss how this may affect current and future PC purchases.
These bugs are only viable under certain circumstances within specific environments. To be clear, neither of these exploits are hardware flaws – they are exploits in attempts to read theoretically protected memory. This does not mean that anyone can read your hard drive or other areas outside of the memory space.
Additionally, this is *not* a remote exploit and has to be run locally on the machine or through a malicious application. In fact, for these exploits to work, there are very specific circumstances involved, including a deep understanding of the relationships between variable data locations, and the actual content of the data.
The exploits do not allow for a takeover or modification to the machine, or the operating system, and as such is not malware, nor does it present itself as such. From the hacking standpoint, there is next to no risk to the end-user, or smaller computer areas, due to the amount of time, effort and necessity for local access.
For full protection, there are multiple operating system patches available that directly address this issue; however, please note that on AMD based systems, there are deeper issues and the patch could cause deep instability. If you are on an Intel based system, we suggest you install the following patches:
- January 3, 2018–KB4056897 (Security-only update)
- January 9, 2018–KB4056894 (Monthly Rollup)
- January 3, 2018–KB4056888 (OS Build 10586.1356)
- January 3, 2018–KB4056892 (OS Build 16299.192)
- January 3, 2018–KB4056891 (OS Build 15063.850)
- January 3, 2018–KB4056890 (OS Build 14393.2007)
- January 3, 2018–KB4056898 (Security-only update)
- January 3, 2018–KB4056893 (OS Build 10240.17735)
- January 9, 2018–KB4056895 (Monthly Rollup)
Please be aware, that the patches are specific to Windows 10, and Microsoft is considering instituting a patch for Windows 7, but since it is end of life, they have not yet made the decision to do so.
There will likely be firmware updates to the BIOS soon to further mitigate the theoretical threat, but until that point, the Microsoft series of patches have shown to be very effective. If/when a firmware or BIOS update is available, we will update this article with that information. We are working with our board manufacturer partners to ensure proper testing is conducted before rolling out those updates.
Latest posts by Robert Rife (see all)
- Spectre and Meltdown Exploits – How are you affected? - January 10, 2018
- The Dangers of Ransomware - May 8, 2017
- Web Security and Password Best Practices - March 29, 2017