Meltdown and Spectre update

First published 5 January 2018

Keep applying software updates to ensure continuous protection

In the last few days, there has been a lot of discussion in the media about the Meltdown and Spectre vulnerabilities found in the central processing units (CPUs) of almost all modern computers. Keep in mind that mobile phones and tablets are also computers.

While these vulnerabilities have the potential to be serious, there is no indication at the moment that they are being exploited by hackers and criminals. However, it is only a matter of time before they are.

These vulnerabilities can only be used to read (protected) memory; they cannot be used to run malicious code.

What should I be doing?

Apply software updates as they are supplied by your provider. This includes operating system (OS) updates, firmware updates (normally called BIOS or UEFI updates) and web browser updates.

In this particular case, there can be some unusual side effects which may mean having to update anti-virus products as well.

*** UPDATED 10/01/2018 ***

Further information on the Windows security updates provided by Microsoft can be found here: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

In particular, this article states:

Note: Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:

There is a list of which AV applications set this registry key (an internal Windows setting) here: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

*** END UPDATE ***

If possible, test the updated applications on a secondary PC before applying the updates to your primary PC.

What next?

Don’t panic!

Reports of the dramatic slowing down of computer performance appear to be overstated.

The software industry and security experts are working hard to resolve these issues.

Contact your IT provider for specific advice and guidance on your particular IT systems.

Continue to test and evaluate your business continuity plan (BCP).

For more information see the NCSC web site: https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance

Anonymous