Meltdown and Spectre – time to panic?

Published: Posted on

We have had a number of queries about the well-publicised processor vulnerabilities, Meltdown and Spectre.  There are no reports of actual exploits being used at this stage and certainly with meltdown an attacker would need access to the systems concerned in order to exploit the vulnerabilities.  Suppliers of operating systems, anti-virus and other relevant software are developing and issuing updates and patches to prevent the exploitation of these vulnerabilities.

The general advice is to apply patches (updates) as soon as practical and take sensible security precautions to avoid introducing malware to systems.

IT services is already working on this for the systems under its control.  However there are many personal and University devices outside the control of IT services, and it is the responsibility of everyone to ensure that systems under their control have updates and patches applied as soon as is practical.

Further details and advice is available on the web.

Advice on personal devices is available here:

https://www.ncsc.gov.uk/guidance/home-user-guidance-manage-processor-vulnerabilities-meltdown-and-spectre

Advice for systems administrators is available here:

https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance

It is worth noting that there are some incompatibilities with updates and anti-virus versions so you should check with your anti-virus supplier.  The relevant McAfee information is available here:

https://kc.mcafee.com/corporate/index?page=content&id=KB90167

Google has provided a list compatible AV software which will allow Windows systems to be patched:

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true

Google has also issued advice for Chrome users on how to isolate tabs which will reduce the chance of exploits:

https://support.google.com/chrome/answer/7623121?hl=en-GB

Author: Chris Bayliss

IT Security Manager.

Leave a Reply

Your email address will not be published. Required fields are marked *