The team at IT Indianapolis is closely monitoring the latest information regarding the “Spectre” and “Meltdown” vulnerabilities. The issue, briefly stated, involves recently disclosed vulnerabilities in CPU architecture. The vulnerabilities impact nearly all modern CPUs. If you have a computer, server, smartphone or tablet you are likely to be affected.
Because of the widespread nature of the vulnerability, the various manufacturer responses have been evolving rapidly. Some of the early fixes resulted in significant problems and were subsequently recalled. Other fixes will reportedly have a significant impact on the performance on all but the latest generation of CPUs and chipsets. Antivirus vendors have also been involved as their products need to be updated as well.
Rest assured that as of today there are no reported exploits of the Spectre & Meltdown vulnerabilities. Also keep in mind that all the industry assessments thus far indicate that any forthcoming attacks would have to be initiated from within a computer operating environment or network, not from outside. As a result, the protections IT Indianapolis is already providing our customers will significantly mitigate the threat, much like the millions of threats we guard against on a daily basis.
Because of the evolving nature of the industry response, the initial problems encountered, the lack of successful exploits and the nature of the protections you already enjoy, our response is to wait & see. We will continue our normal process of testing patches to computer & server operating systems and applying them once the impact has been assessed. If we are managing your network, we have already updated your managed antivirus software. We are currently assessing firmware updates to the physical computer and server hardware and applying them in test environments to determine the impact. Once we are confident in the solutions, we will communicate a plan to perform the updates where appropriate.
Please be aware that the vulnerabilities in question take advantage of the microcode designed to speed up CPUs. For many older computers, the only solution may be to disable the affected code. The “fix” will likely to make older, slower computers even slower – unbearably so in most cases. Your only recourse may be to replace the computers or servers. Again, we will communicate a plan once the flurry of activity settles and our assessment is complete.
Be sure to visit this page often to learn our response strategy. This is an evolving issue and our only communication regarding our response will occur here. For more information about this issue, visit the US government-sponsored Computer Emergency Readiness Team (CERT) web page located here.