Meltdown and Spectre are bugs in the architecture of most modern processors produced since 1995. Meltdown is specific to Intel processors while Spectre affects Intel, AMD and ARM processors.
These bugs can be found in desktops, laptops, mobile devices, IoT devices and even cloud virtual machines where the underlying hardware is using an affected processor. Both bugs take advantage of “speculative execution” which allow them to read protected memory belonging to other processes, possibly disclosing sensitive information.
How vulnerable am I?
The good news is that both bugs require a malicious application to be running locally on the machine with an affected processor. They cannot be exploited remotely or from a malicious website.
Are fixes on the way?
Microsoft and Apple are already releasing updates to their current operating systems to fix the Meltdown bug. The Spectre bug may not have a fix anytime soon due to the complexity of modern processor architectures.
Apple reportedly fixed the Intel Meltdown bug in macOS High Sierra update 10.13.2 with additional updates coming in 10.13.3.
Microsoft has released updates to Windows 10 with updates to Windows 7 & 8 coming soon. They have also released updates to Server 2016, 2012 R2 and 2008 R2. Windows Server 2008 and 2012 have not, and may not, receive updates.
What should I do?
The most important thing is to keep your operating systems up to date and apply patches as they are released. If you are running an End of Life (EOL) operating system such as Windows Server 2008 (EOL 1/13/2015) or Windows Server 2012 (EOL 1/9/2018) then you should consider upgrading as soon as possible.
If you need assistance determining if you’re affected or applying the patches then contact us at https://noventech.com or (630) 595-5200.