This year certainly started off with a bang in the world of tech security. In this day and age, it’s not very often that a processor flaw becomes a substantial headline for mainstream news outlets. But when it impacts basically every computer or smartphone made in the past 15 years and could negatively affect billions of tech users, that’s kind of a big deal. Essentially, in the drive to create faster technology, some design decisions were made that unknowingly left our devices vulnerable to attack. However, do keep in mind that even though Spectre and Meltdown have such widespread potential to cause harm, thus far there have been no known malicious exploits of these vulnerabilities.
New details are still being released on a regular basis, and when this story broke there was a lot of panicked speculation. To add to the chaos, while software developers and large tech companies like Apple, Google and Microsoft scrambled to create a patch, malware creators got involved by sending out phishing emails telling unsuspecting people to download a fake, malicious patch. This is especially significant because your device would need to have malware installed before hackers can take advantage of Meltdown or Spectre.
Both Meltdown and Spectre are dangerous because they can be used to access your system’s memory. Once attackers gain access to your memory, they can steal personal information, passwords and other sensitive data that they can use to turn a profit. Meltdown reaches your stored information by basically breaking, or melting, the isolation that keeps applications from being able to access your memory, while Spectre tricks legitimate programs into accessing your memory. The safety checks reputable apps perform, called speculative execution (from which the name Spectre was derived), can actually make apps more vulnerable to this exploit.
In case you missed it, CoreTech President Chris Vilim sent out an email regarding Spectre and Meltdown:
There has been a lot of news coverage about the recently discovered Meltdown and Spectre vulnerabilities. We have been researching both Meltdown and Spectre over the past few weeks and want to provide you with an update of what we know at this time.
First, almost all computer systems and mobile devices are subject to these vulnerabilities, as there are issues with the way the microprocessors were designed. The vulnerability also extends to other tech appliances like firewalls. The problem is widespread and isn’t limited to a single hardware manufacturer or software company; it impacts everyone in the tech industry and manufacturers in other markets as well.
Second, there have been no known exploits of the Meltdown and Spectre vulnerabilities in the wild. The vulnerabilities were discovered by Google researchers in a controlled lab environment where they utilized detailed, non-public information about the targeted processors. Also, it is important to point out that for a hacker to take advantage of these system bugs, they would first have to get a piece of malware onto the system. Since CoreTech is already working diligently to protect your systems from malware, this is good, as it will be more difficult for hackers to exploit the Meltdown and Spectre vulnerabilities.
So, how are we addressing these potential threats?
Based on the information that we have so far, remediation of these vulnerabilities for your computers and servers will entail (1) updates to the equipment firmware, (2) operating system patches, and (3) application updates.
At this point, updates have been released by most of our primary hardware and software partners. However, published reports are showing that these updates can cause issues ranging from random system reboots to significant performance degradation.
The situation is quite fluid and more information is being released on a daily basis. We are monitoring the data closely and once stable updates are available, we will test them internally before deploying to our clients.
For your smartphones and mobile devices (both Android and iOS) we encourage you to apply the latest updates to the operating system as soon as you can.
For your line-of-business software and other applications, we recommend you apply updates as they are released. (Verify they are coming directly from the manufacturer themselves, as many hackers are taking this opportunity to send out malicious phishing emails promising operating system patches for commonly used applications.)
In the meantime, it is critically important you take every precaution to keep your systems safe and protected from malware. You likely have software and systems in place to scan your computers and filter your email, but training yourself and your employees is also a crucial component. If you don’t already have an educational program in place, we offer an employee security training program using content from KnowBe4. Please reach out to your CoreTech account representative if you would like to learn more about this offering.
Are you interested in reading more about these vulnerabilities?
If so, go to:
We will continue to distribute information as it becomes available. It is truly our pleasure to work with you. As always, if you have any questions or concerns, please feel free to reach out to us at firstname.lastname@example.org for service or email@example.com with questions.