![]() ![]() This means companies are given time to correct issues by patching whatever vulnerabilities exist in their systems before any research is published. Typically, researchers follow responsible disclosure practices. There are a few things to remember when it comes to these kinds of heavily publicized incidents. Software updates are your friend: Enabling automatic patching is the way to prevent both the Meltdown and Spectre vulnerabilities from becoming issues for your system. The media has a tendency to sensationalize stories like this, especially in cases where a large number of machines may be affected (such as in the Heartbleed incident that surfaced in April 2014). The main thing to remember in situations like this: Don’t panic. “If either of the vulnerabilities are turned into meaningful exploits, we will update the time table and send out another announcement about pushing the patch.”įor personal computers, we’ll offer the same advice: Turn on automatic patching so that when companies put out zero-day fixes for these flaws, your machine will be sure to pick them up. “Wait for the patch to be deployed via the normal processes,” Bazeley said. Bazeley noted that for normal Windows users (that is, most non-IT staff, faculty, and students), as long as machines were automatically patched during this update window, you have nothing to worry about. So what now? Is it time to run for the hills? Miami’s information security team deployed patches for Windows users the week of Jan. ![]() Computers that allow multiple concurrent users.įor these populations, Joe recommended to enable automatic patching so that when Miami issued a fix for the Meltdown and Spectre flaws, computers remained protected.Computers used mainly for web browsing.What do you need to know?Īccording to Joe Bazeley, assistant vice president for security, compliance, and risk management, at Miami two populations of machines are most likely to be affected and thus should be prioritized as far as patching is concerned: According to Wired contributor Andy Greenberg, the flaw is present in Intel chips that were introduced in the 1990s - so this flaw is more than 20 years old. In early January 2018, these issues dominated the tech news cycle, after several groups of researchers concurrently discovered two chip flaws (named Meltdown and Spectre) that would possibly allow malicious actors access to memory that wouldn’t normally be available.īoth of these vulnerabilities have to do with how specific instructions are handled by processors and how memory is accessed. By now, you’ve no doubt heard about the Meltdown and Spectre vulnerabilities that researchers have been quietly studying for some time. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |