Call us Today At (519) 489-0646

polarverse jan special blogpost 2018

Polarverse would like to let you know that memory isolation issues affecting Intel, AMD, and ARM processors has been discovered. Here’s what you need to know and what you need to do.

The flaw enables attack code to read anything in memory, which could lead to data or identityl theft. The vulnerability is known by names such as Meltdown, Spectre, KPTI, KAISER and F**CKWIT. Patches have been released by Microsoft, Linux, and other platforms on Jan 3, 2018. Because exploitation requires the execution of some form of attack code, unpatched software programs are particularly at a high risk of facilitating the attack.

What Does That Mean?

If this vulnerability is successfully exploited, it will allow an attacker to access sensitive information inside the protected parts of your memory. Information, including passwords, emails and private documents may become exposed. Because this is a hardware level vulnerability, most all operating systems are affected. That means even Apple users are at risk!

What Does All This Mean For Me?

You are likely affected by this!

All chips made by Intel, AMD and ARM are affected.

Windows, Linux (Android included) and macOS are affected.

Cloud service vendors such as AWS and AliCloud are affected.

Yikes! What can I do?

Patching this vulnerability is more difficult than usual as it exists on the hardware level, affects multiple platforms, and includes varies versions of mobile and IoT devices. The current patch on Linux and Windows will incur a 5-30% performance hit on Intel products. This means if you are currently running a slow computer, it will get slower after the patch.

You'll need to stay updated on the newly released patches of your products and apply them when available, or confirm with your service provider that they have updated your systems to the latest patch. Big vendors are already giving feedback about their patching status. See examples below:

   VMware: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

   AMD: https://www.amd.com/en/corporate/speculative-execution

   Red Hat: https://access.redhat.com/security/vulnerabilities/speculativeexecution

   Nvidia: https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/

   Xen: https://xenbits.xen.org/xsa/advisory-254.html

   ARM: https://developer.arm.com/support/security-update

   Amazon: https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

   Mozilla: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

Does My Firewall Help?

While this vulnerability affects mainly servers and workstations, attacks and malware that seek to exploit this vulnerability can still be detected and intercepted via network traffic. So, make sure you update the firmware on your firewall as well.

What If I’m a Client of Polarverse?

Clients of Polarverse are covered. We will be rolling out firewall patches as they become available and will continue to make sure all 3rd party applications are fully patched. We will be conducting these patches ahead of our routine schedule due to the extreme nature of this vulnerability. We will also postpone any hardware related recommendations and projects until we find out how Intel intends to move on from here.

Contact us if you have any questions or concerns. We can help you understand the problem better and help put your mind (and machine) at ease.

FacebookMySpaceTwitterDiggDeliciousStumbleuponGoogle BookmarksRedditNewsvineTechnoratiLinkedinRSS FeedPinterest
Pin It

Sign-up for our Newsletter

polarverse newsletter sidebar sign up for it news

Polarverse IT Services: trusted computer support for businesses throughout the Waterloo Region

Let us help you today!

Maybe you’re concerned with the current rising costs of your IT services, or maybe you are just running short on time because of your expanding business and need to hand over the reins of some services to someone else. Whatever your reason, we can help you with quality IT services today.

Your business can save money and time today with Polarverse IT Services’ managed services, network solutions, IT support and more.

Find out more

Trying to pick an IT Services Provider?

21 questions you should ask book cover

If so, we would at least like to send you a copy of our recently published report, 21 Questions You Should Ask Before Selecting a Computer Support Company.

Even if you aren’t ready to make a change right now, this report will give you important questions you should ask your current IT person to make sure that their policies, procedures and service standards won’t leave you vulnerable to expensive problems, lost data, viruses, hacker attacks and a host of other problems.

Simply fill out the form here and we’ll send you a copy today!

Call Us

519.489.0646

Our Mailing Address

Unit 6D, 25 Struck Court
Cambridge, ON N1R 8L2

polarverse bear with laptop managed IT services