ITPro SnapShot: Resources for the Meltdown and Spectre Flaws

The new year began with a major processor flaw which was made public this week so we are using the ITPro SnapShot to help you understand and deal with the impact of these vulnerabilities.

Richard Hay, Senior Content Producer

January 5, 2018

3 Min Read
ITPro SnapShot Hero

Today we are skipping the normal list of product and services announcements that we feature in ITPro SnapShot to focus in on resources and information about the Meltdown and Spectre flaws that are present in a vast percentage of computer processors.

*

"Meltdown and Spectre - Bugs in modern computers leak passwords and sensitive data"

This is the best place to start, as it is the official site, coordinated by the teams that discovered the flaws.

On this page you will find:

  • Detailed white papers on each bug

  • A question and answers segment which fields some of the common inquiries that are coming up about the bugs

  • Example videos of the bugs in action

  • Links to official information from computer and chip manufacturers about their responses to Meltdown and Spectre

  • A list of individuals who were part of the team which discovered them


"How to Protect Against the Meltdown and Spectre Vulnerabilities"

This one is from ITPro Today, courtesy of Windows Secret's Susan Bradley. She provides instructions on how Windows users can check their systems to see if they're ready to receive Microsoft's Meltdown and Spectre patches, then advises how to handle safeguarding against the Meltdown and Spectre flaws. You will also find direct links to the patch downloads for supported versions of Windows.


"Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities"

Here is Microsoft's official support article for IT pros about the Meltdown and Spectre flaws. It includes a PowerShell script that will help you confirm whether or not protections are in place on the systems you manage. There is also a link to the executive summary about these issues on that page but I also wanted to highlight it here so you can easily access that information. For those of you supporting Surface hardware, you will want to also check out this firmware update which helps to further mitigate the Meltdown and Spectre flaws on those devices.


"About speculative execution vulnerabilities in ARM-based and Intel CPUs"

This is Apple's statement about the Meltdown and Spectre flaws and they confirm that recent updates to iOS, macOS, and tvOS provide protections against Meltdown. They are still working on updates to Safari to help mitigate Spectre's impact through the web browser.


"Today's CPU vulnerability: what you need to know"

Here is Google's official response to the Meltdown and Spectre flaws and their plans to address it. Since their Project Zero team was among those teams which discovered the vulnerabilities, Google got a head start on updating their systems for threat prevention.They've provided a list of mitigation statuses for their products and services, and you can also catch up on the issue as it relates to Google Cloud, G Suite, and Chrome through this Google Cloud team blog post.


"Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism"

Processor maker ARM details how their processors are potentially impacted by the Meltdown and Spectre flaws. The company says malware must be running locally on your device to take advantage of the flaws. They also state the majority of ARM processors are not impacted by the Meltdown and Spectre flaws, but they do provide a list of those which are vulnerable, and they provide instructions for Linux and Android users.


"Processor Speculative Execution Research Disclosure"

Amazon has also published information on how the Meltdown and Spectre flaws can impact Amazon Web Services and its various cloud offerings.  There are brief comments about multiple Amazon products on this page and links to more detailed information for each of those areas.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like