Association TechTalk Q&A: Meltdown & Spectre [updated]

We invited our CTO Chris Ecker to Association TechTalk to address lingering concerns about Meltdown and Spectre, computer processor security flaws confirmed in early January 2018. You can watch the full conversation or just catch up on these highlights.

What makes Meltdown and Spectre different?

They affect every modern computing device, with a vulnerability in hardware.

The resolution is also unique, involving processor manufacturers, operating systems, and virtualization vendors—that’s a lot of patches to develop, test, coordinate, and release.

What is Meltdown?

Essentially it “melts” the security boundaries typically enforced by hardware. It is limited to Intel processors.

What is Spectre?

Its name comes from its effect on the processor, the architecture of which includes “speculative execution” to try to determine future actions.

What is DelCor doing to remedy Meltdown and Spectre?

We have identified the three major components to update, which we are testing and deploying for our Partner clients. We’ve also identified some significant challenges—unsurprising given the scope and nature of these particular security vulnerabilities. Chris outlines the pros and cons in the video.

How concerned should I be about Meltdown and Spectre?

Everyone should be taking steps to implement the patches and fixes released by the various vendors. However, it’s worth noting that no exploits have been observed as of yet.

Want to know more?

Watch the video here.

DelCor clients needing support or having questions about this issue should contact their dedicated NSS consultant.

As indicated in Chris’s Association TechTalk, we’ve rounded up some technical links that may be of interest. Note that these are all third-party links. DelCor is neither responsible nor liable for any advice given therein, nor for the results of any actions taken upon this advice.

Microsoft Security TechCenter Security Update Guide

Windows Server guidance to protect against speculative execution side-channel vulnerabilities

Windows security updates released January 3, 2018, and antivirus software

HPE ProLiant, Moonshot and Synergy Servers – Side Channel Analysis Method Allows Improper Information Disclosure in Microprocessors

VMware products: Meltdown and Spectre

Update

Intel patches are not working as expected and further deployments are on hold. What to do in the meantime? Read more here:

Intel's Spectre/Meltdown patch hold up, what to do while you wait

Spectre flaw: Dell and HP pull Intel's buggy patch, new BIOS updates coming