Recently-published research articles have demonstrated a new class of vulnerabilities (dubbed "Meltdown" and "Spectre") that exist in most modern computer processors. At best, the vulnerabilities could be leveraged by malware and hackers to more easily exploit other security bugs. At worst, they could be abused by programs and logged-in users to read the contents of your computer's memory (such as passwords).
You should be aware of these attacks because your computer is probably affected, but there is no need for alarm. This is a technical issue that will be addressed as software and operating system providers release updates which can then be installed on your computer.
RecommendationsThe best protection from the new vulnerabilities is continuing to maintain good security practices – especially to ensure your operating system, browser, and antivirus software are kept up to date with the latest vendor software patches.
- Patch your operating systems, browsers, and other software
- Prioritize updating your browser
- List of Meltdown and Spectre Patches and Updates: https://www.forbes.com/sites/thomasbrewster/2018/01/04/google-microsoft-apple-updates-for-meltdown-spectre-intel-processor-vulnerabilities
- Be aware of the effect of your anti-virus product. This type of software may cause problems with Windows updates – you may need an anti-virus update before installing Windows patches.
- IMPORTANT NOTE: If you are not running a Microsoft supported anti-virus, the Windows patch may need to be
- Microsoft Technical Advisory: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
- List of Microsoft supported anti-virus: https://support.microsoft.com/en-us/help/18900/consumer-antivirus-software-providers-for-windows
- A security researcher has a Google Docs spreadsheet of the status of AV products patching here: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/edit#gid=0
Summary Articles and Useful Links
- Summary of issues:
- OIT Wiki Page with detailed technical links and information: https://wiki.oit.uci.edu/x/vgCeS