Two exploits dubbed “Meltdown” and “Spectre” which were exposed last week represent the most serious processor vulnerabilities ever found. These vulnerabilities are buried deep in the architecture of the CPUs, and “Spectre” in particular affects almost every modern CPU, from all major manufacturers.
Patches to provide protection have been released on most software platforms – including those from Microsoft and Apple.
One thing to be aware of – if you run Microsoft Windows – is that the patch will not be applied if certain third party anti-virus products are in use on your system. Microsoft indicated “During our testing process, we uncovered that some third-party applications have been making unsupported calls into Windows kernel memory that cause stop errors (also known as bluescreen errors) to occur.” Microsoft has not specified which third-party anti-virus products are affected – so we suggest contacting your anti-virus vendor if you use a third-party solution.
Microsoft was very quick to patch the Azure cloud platform. It did this at multiple levels – implementing a fix at the “hypervisor level” – providing a level of safety and theoretically meaning the Virtual Machines would be safe even if not patched. In addition to this, updates to Virtual Machines are also being rolled out.
At Eagle360 Consulting we take our customer’s data security very seriously, and have a comprehensive Cybersecurity framework. If you would have any concerns with your current hosting setup and would like to have a discussion on what improvements can be made, please contact us.