Meltdown & Spectre Vulnerabilities: What Do I Need to Do?

Central Processing Unit (CPU) Vulnerabilities

Many of you have recently read of the Meltdown and Spectre vulnerabilities in the news. Below is information regarding the vulnerabilities and what you can do to keep you and your local devices safe.

What are the Meltdown and Spectre vulnerabilities that have been in the news?

These vulnerabilities are design flaws identified in the Central Processing Unit (CPU) of most computers. Certain features of the CPUs can be abused to allow a malicious program running on a computer to access data in the memory of the computer that it shouldn't be able to access. For example, a malicious program could access information in the operating system's memory such as a password, encryption key or other sensitive data. A malicious program could also access information in memory that belongs to another program or user.

What do I need to do?

Everyone's IT situation is different, so it is important to ensure that you are taking the necessary steps to protect your computer from these vulnerabilities. A few practices that you can utilize are listed below.

Update MacOS on your Apple computers. MacOS has a recent update (10.13.2 supplemental) to mitigate these vulnerabilities. An update to Safari (11.0.2) is also available.
If you have Firefox as your local browser, ensure that it's set to automatically install updates. Firefox patched for these vulnerabilities with version 57.0.4.
If you have Chrome as their local browser, it won't be updated for these issues until Jan 23. Consider using an alternate local browser until Chrome is updated.
Update your mobile devices. iOS has a recent update (11.2.2) to mitigate these vulnerabilities as does Android, although the Android update (2018-01-01 patch level) may take some time to become available from the manufacturer or carrier.
Ensure that you update Windows on your workstations. Recent security updates from Microsoft (KB4056897, KB4056898, KB4056890) include a patch for these vulnerabilities. Updates for IE and Edge are also contained in these Microsoft security updates.

Conclusion

Ultimately, these vulnerabilities can only be exploited by malicious code being run on your systems. Training yourself to be aware of security issues and how to properly handle email and web browsing goes a long way toward protecting yourself from not only this but future vulnerabilities as well.