What You Need to Know: Meltdown and Spectre Threats

Today’s CPU Vulnerability: What you need to know.

Last week security researchers at Google Project Zero and Graz University of Technology disclosed central processing unit (CPU) vulnerabilities that affect the chips found in most common servers and PC’s. The flaws, named Meltdown and Spectre, have the potential to affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system. Our operating system and application partners such as Microsoft, Apple, VMware, and Google have collaborated closely with industry partners to develop and test mitigations.

What can you do?

For your personal PCs and mobile devices, we recommend enabling automatic updates to ensure that you receive the latest security fixes on your home devices as well. While Intel as well as OS and cloud providers like Microsoft, Google, Amazon and Apple have already released patches, it’s important to err on the side of caution. In a recent article by CRN, our chief technology officer, Paul Breitenbach, recommended using certified anti-virus vendors that meet OS patch requirements in order to prevent blue-screening on servers and PCs. He also mentioned potential performance loss that may occur during the vulnerability patching process. Some industry experts, he said, have estimated the CPU performance degradation could be as little as an “imperceptible” 5 percent or as high as 30 percent on systems, depending upon which applications and tasks are being run at the time.

“None of our clients we’re particularly worried about,” Breitenbach said. “We monitor the metrics of their servers to make sure they’re not on the edge of any kind of performance [loss] on an ongoing basis. Having that overhead and keeping that overhead on the systems they do use and at peak usage times, it’s not going to be detrimental to them. For MSPs and shops that don’t make recommendations with regard to systems overhead, it could be something of concern for them.”

Click here to read the full article on CRN.

If you’re a CompassMSP client, we have you covered! We’re applying all necessary updates as released to keep you protected and no action is required on your part. If you’re not a CompassMSP client, give us a call to find out how managed services can proactively protect your IT infrastructure against threats like Meltdown and Spectre. As always, if you have any questions or concerns, don’t hesitate to contact us.