A security research firm recently released documentation on two critical vulnerabilities, Meltdown and Spectre. These hardware bugs affect nearly all devices, including desktops, laptops, Macs, mobile phones, medical equipment, and cloud servers.
The vulnerabilities allow a program to access and read data in memory from another program, which can contain sensitive information like emails, documents, and stored passwords. Specifically, Meltdown affects almost all processors of Intel, and Spectre is affected by a design flaw in the chip processors of Intel, AMD, and ARM. While there are no known attacks that have exploited these vulnerabilities, it’s important to protect yourself and your organization against these threats.
There are software patches to fix the Meltdown vulnerability. It's been noted that the Meltdown fix may reduce the performance of the processors between 5 and 30 percent. Also, Microsoft has released updates for Windows 10, but they note that the patch won’t be compatible with some antivirus software. The Windows update should only be applied after the registry key has been changed. The registry key can be changed manually or by an update that has been issued by some AV vendors.
There are also patches for Spectre, although they don’t completely mitigate the variants of these attacks. A more permanent fix requires newly designed hardware for the chip processors, which takes time to implement.
For more details on vulnerabilities, including a list of companies and systems that have been affected, visit meltdownattack.com.