Last week, you may have seen news headlines regarding computer processors manufactured by Intel, AMD, ARM, and Qualcomm. This was a result of the discovery of a major design flaw in the way almost all processors handle data. If exploited, an attacker could gain access to sensitive data.
From The Guardian
Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.
The flaws, named Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system.
Is there a fix?
Both Spectre and Meltdown were actually discovered in June 2017 and July 2017 respectively. Google and Intel were going to release statements about these flaws this week (01/09/18), but the information was leaked, prompting the early announcements.
The reason they wanted to wait, was to give hardware and software vendors time to create fixes. So, the good news is that most modern operating systems have been releasing patches over the last few days.
Note: Older, end of vendor support (EOVS) operating systems, may never get patches. We are reviewing some of the older servers we support and may contact you to discuss options.
What does this mean for me?
In a nutshell, this means that pretty much everything needs to be patched.
To Be Done in the Near Future: As mentioned, most modern operating systems already have patches available. We are in the process of reviewing your servers’ patch level and will make arrangements for out-of-cycle patches for all physical servers if necessary. This may require some downtime, but we will make sure the downtime is a convenient as possible. In other words, we are not going to wait until the next regularly schedule patch cycle.
Already Done: If we host your website, all Web Servers have already been patched.
After the patches, are we good?
Maybe. Unfortunately, ‘maybe’ is the best answer we can provide for now. Industry experts still do not know exactly how much of an impact these patches will have on processing power. Initial testing indicates that the impact will vary a great deal, mostly depending on the processing workload. For a standard user, the impact is likely negligible, however, for a power user, there could be up to a 30% impact.
What else can I do?
As mentioned, this design flaw affects nearly all modern processors. This includes PCs, servers, laptops, tablets, smart phones, smart watches, and more. Over the next few weeks, if you notice performance issues, please open a ticket in one of two ways (described below). We will need to review your case on an individual basis.
- Navigate to https://www.helpdesk.centracomp.com/
- At our new helpdesk portal, you can open a new ticket and check ticket statuses for any tickets you have already opened.
- If you send an email to helpdesk @ centracomp.com, it will automatically open a new ticket and send you a reply with a ticket number.
Information Security continues to be a top priority at CentraComp! It is important to stay current with your Carbonite subscriptions to maintain a solid backup plan and your WebRoot antivirus subscriptions to maintain a secure environment. These tools work!
If you have any questions, please feel free to contact us at helpdesk @ centracomp.com.