Technology Services Spectre and Meltdown CPU Vulnerabilities
 
SHARE THIS

 

The P&N Technology Services Group would like to make you aware of the reported vulnerabilities known as Spectre and Meltdown affecting Intel, AMD, and ARM processors. There is no evidence of exploitation as of this notice, but the publicly available proof of concept could result in the vulnerabilities being developed for delivery through malware.

Spectre and Meltdown are attacks that exploit performance optimizations used by modern CPUs to access protected memory. Spectre has been verified on Intel, AMD, and ARM processors, while Meltdown appears to only impact Intel processors. The vulnerabilities affect all computing devices with these processors- servers, desktops, laptops, handheld/mobile devices, and hosted/cloud servers. 

What's the Risk? 

The primary risk from these exploits is sensitive data loss, such as extracting encryption keys or passwords from memory.  Cloud hosted servers or virtual server hosts could be significantly impacted if an attacker exploits these vulnerabilities to break out of the isolation of a guest virtual host. It may also be possible to deliver exploit code via drive-by download to extract information from a web browser.

Recommended Actions

We strongly advise a metered approach to updating affected systems. You should follow standard for testing and deploying updates. You should also contact hosted service providers to confirm that platforms that store or process your corporate data are updated, especially those systems on shared hosting or infrastructure-as-a-service vendors.

Questions  

If you have any questions or concerns about this notice, please contact the P&N Technology Services Group at 225-755-1258 or email our service portal at servicedesk@pntech.net.

More Information 

Below are links to further information on Spectre and Meltdown. As always, if you have questions please contact your P&N professional.  

Scroll to Top