Current eMessage > Technical Information > February 2018

Technical Information

In the news: Meltdown and Spectre exploits

by MACC’s Technical Support Team

Have you ever watched a good sports match where both teams seem to score at will? That’s how it sometimes feels when watching or reading the news. There is always a new exploit or another vulnerability discovered and as soon as you make sure you’re safe from one, another one pops up. The latest news has been about Meltdown and Spectre.

These vulnerabilities exist at the hardware level and, as it turns out, have been around for many years. By now, most of you have undoubtedly heard of these threats and we want you to know that they have our attention as well. We continue to keep an eye on the progress that’s being made by various manufacturers as they attempt to remediate such a widespread security flaw. Things have been a bit chaotic lately as some patches have been successful while others have been retracted due to problems with instability and performance. These inconsistencies will eventually get worked out and we will continue to make adjustments as progress is made.

The good news is that there are a number of factors that limit the potential risk of Meltdown and Spectre. First, an intruder needs to attack a system known to have the vulnerability. The intruder also needs direct access to the vulnerable system, and needs to have the ability to install and run an exploit on that system. Because of this, good security hygiene can play a key role in keeping these risks at bay.

Here are some simple security practices that can significantly lessen your risk of an attack:

  1. Keep your antivirus endpoint software up to date.
  2. Ensure all of your systems are updated on a continuous basis. This includes Windows Updates as well as other hardware and software updates that are periodically released by the manufacturers.
  3. Ensure that your web browsers are routinely updated to the latest version. Some of the more popular web browsers would include Microsoft Edge, Google Chrome, and Mozilla Firefox.
  4. Check your firewall, if it needs updating or replacing, do it now. SonicWALL states their latest generation firewalls are immune to the exploits and their gateway antivirus can identify and stop future attacks
  5. Replace those older workstations. Workstations running Operating Systems like Windows 7 or 8 are more vulnerable to exploits due to the many security patches they need to be current. Windows 10 was built with enhanced security in mind so, if you haven’t made the change, now is a good time to upgrade to Windows 10.
  6. Pay attention to the websites you are visiting and the emails you are opening. Exploits and vulnerabilities almost always happen through web browsing and email.
  7. Never use a mission critical server as a workstation.

We take security very seriously at MACC and have been working hard to develop a culture of security awareness. We are committed to offering our best to help you strengthen your defenses. If you have any questions, or if there is anything we can do for you, please don’t hesitate to contact your MACC Tech Support Team and we will be happy to help! We can be reached at 402-533-5300 or via email at macctechs@maccnet.com.

Return to current eMessage

Have a technical question?

We would love to hear from you! Use the form below to submit your questions and comments and we will include them in our monthly newsletter articles.

Fill out my online form.

MACC Challenge
2017 Articles

December 2017
I’ve been hacked! Now what?

November 2017
Cybersecurity 2.0

October 2017
Open Sesame!

September 2017
Learn how to keep your data safe

August 2017
More than a buzzword

July 2017
What is a DDOS attack?

June 2017
Ransomware is in the news again!

May 2017
Tech Support has your back

April 2017
Beware of ransomware for hire

March 2017
Air gapped backups

February 2017
Tired of Ransomware?

2016 Articles

November 2016
Do you have Tape-itis?

October 2016
MBTC Tech Booster Recap

September 2016
Workplace wireless technologies

August 2016
Steps to improve your cybersecurity

July 2016
Windows 10 upgrade info

June 2016
Is an old server saving money?

April 2016
Router security

February 2016
A back-up is the best defense