Meltdown and Spectre Vulnerabilities: What We Know Now
Earlier this week, it was reported that a critical Intel hardware design flaw has exposed gaps in security of their devices, that could leave them vulnerable to exploitation. Researchers discovered that these vulnerabilities affect central processing units (CPUs), or chips, from Intel and other manufacturers, which may potentially allow private data in computers and networks to become exposed.
Within this hardware issue, there are two separate security flaws to be aware of:
- Meltdown: This vulnerability affects laptops, desktop computers, and internet servers with Intel chips.
- Spectre: This vulnerability affects chips in smartphones, tablets and computers powered by Intel, ARM and AMD.
Although these security flaws can be dangerous, the impact and scope of these vulnerabilities are still unknown, and the Winxnet Team is monitoring the developments. As providers and hardware vendors scramble for a response, here is Winxnet’s official stance:
- Since neither the Spectre or the Meltdown vulnerabilities have public exploits yet, there is no other action item warranted other than regular patching schedules of devices. End of Life devices that cannot receive patches and updates continue to present a serious security risk to organizations.
- Within the context of these specific vulnerabilities, dedicated standalone platforms appear to be at a lower risk than those that are shared, such as cloud solutions.
- Vendors are working quickly to distribute patches and pushing security updates which may decrease the risk to your devices. However, it is currently believed that these patches could negatively affect performance. The impact of the fix is not known at this time, and the Winxnet Team will continue to monitor for a possible solution, and assess the impact.
Winxnet is staying on top of the technical updates for the Meltdown and Spectre vulnerabilities. If an exploit is discovered that increases the risk level, we will provide an updated security alert and recommendations. Please reach out to our security experts with questions and concerns on how to best stay secure.