Skip to content Sitemap

Do You Own a Windows-Powered PC or Laptop Made in the Past 20 Years? Here is What You Need to Know About the Security Flaws

 

AP Explains: Who’s affected by computer chip security flaw.

Technology companies are scrambling to fix serious security flaws affecting computer processors built by Intel and other chip makers and found in many of the world’s personal computers and smartphones.

INTEL Processors

Intel is at the center of the problem because it supplies the processors used in many of the world’s PCs. Researchers say one of the bugs, called ‘Meltdown’, affects nearly every processor it’s made since the mid-1990s.

Other Chip Producers

While researchers say the Meltdown bug is limited to Intel processors, they have verified ‘Spectre’ as a problem for Intel, Advanced Micro Devices and ARM processors. AMD chips are also common in PCs, while ARM chips are found in many smartphones and other internet-connected products, including cars and home appliances. The ARM design is also used in Apple’s mobile chips.

Meltdown & Spectre

Dubbed ‘Meltdown’ and ‘Spectre,’ the flaws affect nearly every device made in the past 20 years. They could allow attackers to use JavaScript code running in a browser to access memory content of a computer and be leaked. Such a leak could potentially expose stored passwords and other sensitive data, including key strokes, personal photos, emails and instant messages.

Windows

For Windows itself, this is where things get messy. Microsoft has issued an emergency security patch through Windows Update, but if you’re running third-party antivirus software then it’s possible you won’t see that patch yet. Security researchers are attempting to compile a list of antivirus software that’s supported, but it’s a bit of mess to say the least. Microsoft has started rolling out its own Windows 10 security patches, alongside software updates for Firefox and an update coming to Chrome later this month.

Apple

Apple has not yet commented publicly on the bugs, but AppleInsider reports that Apple has already deployed a partial fix for the security bug in macOS 10.13.2. More changes are expected to come with 10.13.3 soon. Apple has not commented on how it plans to fix its Safari browser or even macOS.  Apple also didn’t immediately respond to inquiries on whether iPhones and other mobile products are affected.

WHAT TO DO NEXT?

There are limits to what consumers can do now to protect their computers.

Advice from the U.S Computer Emergency Readiness Team’s was grim. The federal organization says that “fully removing the vulnerability” requires replacing the hardware already embedded in millions of computing devices.

That’s not to say nothing can be done.

Updates and Unknowns

Protecting a Windows PC is complicated right now, and there’s still a lot of unknowns.  There are already Meltdown patches for Microsoft’s Windows, Apple’s macOS and Linux. Mozilla says it’s also implementing a short-term mitigation that disables some capabilities of its Firefox browser. Google says Android devices are protected if they have the latest security updates.

Microsoft, Google, and Mozilla are all issuing patches for their browsers as a first line of defense. Firefox 57 (the latest) includes a fix, as do the latest versions of Internet Explorer and Edge for Windows 10. Google says it will roll out a fix with Chrome 64, which is due to be released on January 23rd.  Chrome, Edge, and Firefox users on Windows won’t really need to do much apart from accept the automatic updates to ensure they’re protected at the basic browser level.

Consumers can mitigate the underlying vulnerability by making sure they patch up their operating systems with the latest software upgrades.

If you own a Windows-powered PC or laptop, the best thing to do right now is ensure you have the latest Windows 10 updates and BIOS updates from Dell, HP, Lenovo, or one of the many other PC makers. We’re hoping Microsoft or Intel creates a simple tool (they have a PowerShell script right now) to check protection for both the firmware and Windows updates, but until such a tool is available you’ll need to manually check or get familiar with PowerShell.

“If you download the latest update from Microsoft, Apple, or Linux, then the problem is fixed for you and you don’t have to worry,” security researcher Rob Graham said in a blog post Thursday.

Checklist

Here’s a quick step-by-step checklist to follow for now:

  • Update to the latest version of Chrome (on January 23rd) or Firefox 57 if you use either browser
  • Check Windows Update and ensure KB4056892 is installed for Windows 10
  • Check your PC OEM website for support information and firmware updates and apply any immediately

These steps only currently provide protection against Meltdown, the more immediate threat of the CPU flaws. Spectre is still largely an unknown, and security researchers are advising that it’s more difficult to exploit than Meltdown. The New York Times reports that Spectre fixes will be a lot more complicated as they require a redesign of the processor and hardware changes, so we could be living with the threat of a Spectre attack for years to come.

 

Information gathered is from The Verge: How to protect your PC against the major ‘Meltdown’ CPU security flaw) by Tom Warren;

The Verge: Intel cliams its new security updates make PC’s ‘immune’ to Metldown and Spectre CPU bugs by Tom Warren;

Matt O’Brien/The Associated Press AP Explains: Who’s affected by computer chip security flaw;

Secure World News Team: Need to Know: ‘Meltdown’ & ‘Spectre’ Resource Page

 

 

www.EverStarRealty.com

www.EverStarPropertyManagement.com

509-735-4042

1920 N. Pittsburgh St., Suite A

Kennewick, WA 99336

Posted by: everstar on January 5, 2018
Posted in: Uncategorized