Security Alert: Meltdown and Spectre Vulnerabilities Impact Most Computing Devices

January 5, 2018

by UNH Information Security Services

    Vulnerability Overview

    Meltdown and Spectre are two different, but related critical vulnerabilities found in most modern processors that make it possible to steal data being processed on a computer.  Although programs are not usually permitted to access data from other programs, malicious software can use these two vulnerabilities to do just that, making it possible to steal sensitive, private information.

    Meltdown, which impacts almost every Intel processor in use today, is easier to exploit but can be guarded against by removing the ability for the operating system to share memory between programs.  Patches to remove this ability for some operating systems are already available and are expected for most others in the coming weeks. 

    Spectre, which impacts chips made by Intel, AMD, and ARM and most processors currently in use across all modern devices, is harder to exploit but has a larger attack surface and is more challenging to remediate.

    Both vulnerabilities affect all types of devices using impacted processors including servers, desktops, laptops, smartphones, all other mobile devices, and the hardware behind the cloud.

    Affected Devices

    • Most computing devices including desktops, laptops, servers, tablets, smartphones, and other mobile devices

    Recommended Remediation Steps

    UNH Devices - Windows

    UNH IT will push security updates to all managed UNH devices running Windows as those patches become available.  If you are using a managed device, it is important that you restart your machine on a daily basis to ensure these updates are applied to your device as soon as they are available.

    UNH devices that are not being managed need to be updated with security patches from Microsoft as soon as they become available.  The best way to ensure a device remains up to date is to take advantage of Microsoft’s automatic update feature. Learn how to turn on automatic updates here (https://support.microsoft.com/en-us/help/12373/windows-update-faq).

    In addition to installing the January 2018 Windows security updates, all Windows devices may also to have firmware updates installed.  These updates will come from the device manufacturer and additional information about these updates for UNH devices will be provided as it becomes available.

    UNH Devices - MAC

    Users of UNH MAC devices need to apply security updates for their devices as soon as they become available.  As of 5 January, Apple has released patches for iOS 11.2, macOS 10.13.2, and tvOS 11.2 that protect against Meltdown. 

    All UNH Devices

    All UNH devices need to have operating system, browser, and application updates applied as soon as they are available.

    Personal Devices

    • Ensure your operating system is up to date and enable automatic update functionality if it is not already enabled.
    • Ensure your browser software is up to date and apply all security patches as soon as they become available.
    • Check with your devices manufacturer for firmware updates and apply any patches as soon as they are available.

    Other Information

    As both Meltdown and Spectre require the installation of malicious software to impact your device use only trusted sources to download software.  For additional information about these vulnerabilities, visit the following:

    Bookmark and Share

    Archive