As of late, a security hold has been issued to bring to light two major flaws in computer chips, leaving billions of devices (personal computers, smart phones, tablets, etc.) in an exposed and susceptible state. The discovered vulnerabilities, identified as Meltdown and Spectre, are found in central processing units of almost all devices (i.e.; Intel, ARM, and other leading partners) and have essentially resulted in exploitation of the processing environment and related components. More specifically, identified flaws could allow an outside threat to access sensitive data stored in the memory.
The obvious questions to be answered – How does this affect our clients? How does it affect us? Is there a quick, over-night fix? The answer to all revolves around three words – Educate, Respond, and Inform.
To bring these into action, the path towards resolution is staying in the know (Educate) of patches (updates to software applications and technologies) currently released and/or future releases by leading tech vendors; followed by their immediate install (Respond) on the device(s). Intel said last week that it is “rapidly issuing updates for all types of Intel-based computer systems” that include software patches and firmware updates that will “immunize” more than 90 percent of processors introduced in the past five years. By the end of this week those ambitious patching efforts will be complete, Intel said. Microsoft has also released a security update for Windows machines on Wednesday, January 3, to help further mitigate the risk. All major browsers such as Google, Firefox, Safari, Windows Internet Explorer, and Windows Edge have all released patches as well.
Where does this leave you as our client? Dependent on your size and operational investment towards IT and risk management, this will vary. Some of you may have an internal team of your own, while others may outsource to a service provider (i.e.; Warren Averett Technology Group) to provision a patch management solution.
Last word to bring into action and most beneficial to you, Inform.
As of today, there are no known exploits in the wild impacting the vulnerable Intel, AMD, and ARM devices. However, tomorrow could hold a different truth as threats are constantly emerging. There is a responsibility in securing your company’s sensitive data (i.e.; financials, customer/personnel information, credit card data, medical records, etc.) through ongoing and regular reviews of your systems. Ensure you’re in the know of update releases as it pertains to their hardware and/or software applications and follow-up with your vendors.
Warren Averett Technology Group will continue to proactively monitor and deploy updates as they become readily available for those who’ve entrusted in our patch management solution. Coordination of minor downtime (if any) will be communicated with key users or your organization. For additional information, please feel free to reach out at the following: 334.386.4800 or firstname.lastname@example.org.
Marissa Sanchez is a Quality Assurance Associate with Warren Averett Technology Group and Dustin Smith is an Information Security Analyst with Warren Averett.