Meltdown/Spectre - Are you up to date?

You may already be aware of the Meltdown/Spectre vulnerabilities that have recently been in the news. It was announced that Intel CPU’s have a design flaw that poses security risks called Meltdown and Spectre.

In a nutshell, data that was assumed to be protected in your machine may be exposed to access and attack.

Since the initial announcement, it has been expressed that Intel processors manufactured over the last 10 years are affected as well other processor brands including ARM and AMD.

The end result is that desktops, laptops, servers, tablets and phones running OS’s from Microsoft, Apple, Google (Android) and Linux are all candidates for exposure.

The team here at Teccweb have been following the story closely and have reached out to Epicor to see if they have any comment or actions we should be taking on behalf of you and the rest of our customer base.

Mark Kemeny, one of Teccweb’s technical experts shared the following advice.

“Steps to consider to remedy the situation include:

Stay current on the issue. Follow your favorite news source or IT forum to monitor developments.

Monitor instructions from your machine and OS vendor

Monitor the release of recommended OS updates. Most OS vendors are racing to mitigate the problem through OS updates. Some are already available, some are anticipated to be released soon. One concern is that the OS patches may reduce the machine performance in some instances. However, this is still preferable to being unprotected.

Monitor firmware updates for workstations, laptops and servers. It is expected that most machine vendors will release firmware or BIOS updates in response to this issue. Newer machines will probably get a priority over older ones.

Monitor application updates. One noteworthy category is web browsers who are taking active steps to protect against malicious JavaScript.
I think that popular web browsers update automatically, but it does not hurt to keep an eye on it.
Malicious JavaScript is one of the most serious threats.”

If you are interested in reading more on the subject:
https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/
https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
https://globalnews.ca/news/3947594/intel-meltdown-spectre-security-chip-flaw/
https://www.itworldcanada.com/article/patching-meltdown-spectre-take-your-time-or-get-to-it-fast/400448
https://www.itworldcanada.com/article/microsoft-warns-patches-for-meltdown-spectre-may-clash-with-av/400394