The Intel Crisis: Where We Stand Now
Early this year, Intel announced two major security flaws in their central processing units. The first of these vulnerabilities is called Spectre, and it allows hackers to trick the processor into starting a speculative execution process. This process is used to make your device run faster, the chip will guess what information is needed next. During this process, sensitive data will be temporarily easier to access. So, by forcing the processor to start speculative execution, the attacker can have access to the secret data that is being made available. The second vulnerability, Meltdown, lets hackers access private information through a computers operating system like Windows or High Sierra. Intel responded quickly by releasing a patch for the issues within a couple of days. This was good, until problems with the patch became apparent. First off, the patch slowed the computers down DRASTICALLY. Reports came in that performance had dropped by as much as 25% in some cases. On top of that, the patch created a bug that caused some processors to abruptly reboot. Intel was only able to fix this bug for some older processors…leaving the majority of us stuck with a less than ideal solution.
We were stuck with this disheartening solution until the beginning of last week, when it was announced that the security patches were being pulled immediately. It’s safe to assume this was a direct result of the lack of stability that the patches caused. Since then, Intel has announced that they will release updated chips with fixes for Spectre and Meltdown later this year. That’s about all the information that has been released on the matter at this time. We don’t know when exactly “later” is which, given the magnitude of the issue, is a means for concern. Intel also claimed that they have a long-term solution but have released no info on the details of this solution.
Judging by the situation we have been given, it’s safe to assume we are going to have to live with the Spectre and Meltdown vulnerabilities on our CPU for a little while. The good news is that no hackers seem to be exploiting these vulnerabilities yet, but that doesn’t mean it isn’t happening or won’t any day now. So, what can you do to protect yourself until a new patch gets released? The biggest thing is to install software updates put out by your software and hardware vendors so that you can be as protected as possible. Besides that, be extra cautious about what you download and open on your computer. These vulnerabilities cannot be exploited unless someone first invites in malware onto their computer. So keep all your software and firewalls updated, keep the layered protections up and current (content filtering, Anti-Virus, Anti-Malware, and Anti-Spam), run security checks frequently, and avoid phishing emails. As always, don’t forget to have strong, malware-aware backups and test them frequently. We have a lot of other blogs on our website about ways to protect both yourself and your business from security threats you can look at for some more detailed guidance, and if you have any direct questions you can contact us at (518) 320-8906.