Guidance and discussion on IT security and IT disaster recovery.
More information about Meltdown and Spectre flaws
- Chris HechtAdmin2018-01-09 at 6:27 pmPost count: 5
Since Hank’s posting, there has been a lot more information issued by manufacturers and software vendors. Ed Bott at ZDNet has a good article on what to do here
The bottom line is that the only way to completely eliminate the problems is with new CPU chips. This will take several years to design and build. What we need to do now is to reduce the possibility of code exploiting the flaws from running on our computers (and smartphones) – mitigating the risks. These flaws were discovered and disclosed in mid-2017, so companies have had several months to work on fixes. This is happening at three levels – firmware (BIOS) by computer manufacturers, operating system patches and browser upgrades.
Computer manufacturers are rolling out firmware updates now. It will likely take several months for them to release updated firmware for their more recent computers. If your computer is more than several years old, it will probably NOT get updated firmware. You will need to go to the manufacturer’s web site to check if there is updated firmware available. The major vendors are doing a reasonable job of providing information and timelines.
Most major versions of operating systems have updates/patches available. A good place to check is on the Bleeping Computer web site here. Apple and Microsoft have issued updates and/or patches. Note, Apple has only updated High Sierra (10.13) and iOS 11 while Microsoft has only updated Windows 10, 8.1 and 7, Windows Server version 1709, 2016, 2012R2 and 2008R2, and Windows Mobile 10 v1709. The major linux distros are in the process of providing updates. Google has provided protection in the January 2018 security updates for various versions of Android. When (or if) you get that update depends on your phone/tablet manufacturer.
Browser updates are either out (Firefox 57, selected versions of Safari, Internet Explorer and Edge) or scheduled for later in January (Chrome 64).
Microsoft Windows issues
Microsoft will not update your Windows 10 computer if it does not meet the requirements. There was an issue with anti-virus software causing crashes but all major and many smaller anti-virus vendors have issued updates to resolve that. Make sure to update your anti-virus software before looking for Windows updates. A second issue is with computers with AMD Athlon CPUs that make them unbootable after applying the update. As of 9 Jan 2018, computers with these CPUs will not be offered the update until the issue is resolved. Once the update has been applied to your computer, you do not need to do anything else unlike with Windows Server.
Windows Server protection is a two step process – first apply the update and then use PowerShell to enable the mitigation code to work. Microsoft has indicated it has done this as there is the potential for a significant performance loss when the code is enabled. Note that the flaw mitigation code is part of the regular monthly update package which also contains other updates (including those for Internet Explorer and Edge). This method allows you to turn off the mitigation code if the performance penalty is too high. For instructions on how to enable the mitigation code, see this Microsoft Support article. As of 9 Jan 2018, Windows Server 2008 and 2012 have not been updated nor is there a timeline for them.
More information will be posted as it becomes available.
You must be logged in to reply to this topic.