Meltdown and Spectre Risk Advisory
If you have read any technology-related news in 2018 then you have probably seen the headlines about two major security vulnerabilities that were discovered. "Meltdown" and "Spectre" are the names given to vulnerabilities that affect the main computer processors found in almost every computer, server, and mobile device made in the last 20 years. Meltdown affects Intel processors and Spectre affects Intel, AMD, and ARM processors. These vulnerabilities are considered to be major because they could allow hackers to access passwords and other data that should be secured. This does not mean exploiting these vulnerabilities will be easy, and both hardware and software manufacturers are racing to patch the vulnerabilities as quickly as possible.
What impact will this have on technology at Western?
Information technology staff across Western are aware of these vulnerabilities, and they are already working to make sure computers, servers, and other managed devices and software applications are patched as soon as possible after the patch is released by the manufacturer. Computer configuration management systems like SCCM (Microsoft's System Center Configuration Manager) make it possible for patches to be deployed quickly and reliably. For more information, see our article on Automated Computer Software Updating.
What about personally owned devices and software?
Most modern devices, operating systems, and applications are already configured to update automatically, or to at least prompt you to update on a regular basis. It is more important than ever to allow these updates to install when you are prompted. The most critical updates will be:
- Web browser software updates
- Operating system updates
- BIOS or firmware updates
- Antivirus updates
The manufacturer of your computer or smartphone most likely has an announcement posted on their website with more specific instructions. Keep in mind that there may be more critical updates in the future as hardware and software engineers learn more about how these vulnerabilities might be exploited. There are no 100% solutions available at this time.
Here are a few examples of what we know so far:
Windows
Microsoft has already released an update for Windows 10, and should be releasing patches for Windows 7 and 8 soon. How to check for Windows updates
Note: this is only for your personal Windows devices. University Windows devices are secured through SCCM (centralized management system) or by your college or departmental computer support staff.
Apple Devices
Apple has a support article posted here: https://support.apple.com/en-us/HT208394
Android Devices
See Google's instructions for Android Updates, and also check your smartphone manufacturer's website to see if they have additional updates you should install.
Web Browsers
Chrome, Firefox, and Microsoft Edge have updates, or soon to be published updates.
Computer manufacturers
Visit your computer manufacturer's website to see what instructions they offer for securing your computer. In addition to operating system and software patches, many computers will need a BIOS update.
Dell published a list of their computers, along with links to the appropriate BIOS updates.