Widespread bug called “Meltdown” is affecting companies such as Microsoft and Google

As many of you may have heard, 2 new security vulnerabilities called Meltdown and Spectre, were recently discovered by 3 independent researchers. Both are hardware vulnerabilities affecting Intel x86 microprocessors and some ARM-based processors (which have gone undetected in the processor’s chips for almost 20 years). These vulnerabilities allow harmful processes to read any physical, kernel or other processes mapped memory (in theory allowing things such as passwords, encryption keys, etc. to become exposed). This vulnerability is affecting all iOS and Mac devices and unpatched Windows devices. Many server and cloud services are impacted as well such as Microsoft Office365, Google Apps, Google Chrome and Microsoft Edge. Although Meltdown has yet to be discovered actively running in live environments, Microsoft and others are beginning to work on and release patches/hardware updates to fix these vulnerabilities. Again, Meltdown and Spectre have not been seen affecting machines yet, they are merely recently discovered vulnerabilities and not an active attack.

OnPar managed services clients should note that our managed antivirus, BitDefender, began releasing their patch for this vulnerability at 5am EST today, January the 8th. OnPar will be pushing forward the Microsoft and Windows patches as they become available later this week or early next week. We will also be releasing information on any Apple updates that are coming out to fix these issues. All hardware and software companies are aware of these vulnerabilities and are actively working to patch/update necessary systems to prevent these vulnerabilities from becoming an actual active threat.

On a side note, personal devices like home computers, smartphones and other smart devices are also affected so as soon as your personal devices show a new update it would be best to install it at your earliest convenience.

There are no active attacks with Meltdown or Spectre as of the writing of this email