You will have seen a lot in the news about these two threats to the devices that you use and \/ or manage.<\/p>\n
‘Meltdown’ and ‘Spectre’ are two related, side-channel attacks against modern CPU microprocessors that can result in unprivileged code reading data it should not be able to.<\/p>\n
<\/p>\n
Most devices from smartphones to servers may be vulnerable. Intel, ARM and AMD have recognized the problem with thier processors, other processors may or may not be affected. Companies are working on patches to mitigate the issue.\u00a0 Here is the best advice:<\/p>\n
Patch your devices as soon as possible<\/strong>.<\/p>\n Processors in most devices employ a range of techniques to speed up their operation. The Meltdown and Spectre vulnerabilities allow some of these techniques to be abused, in order to obtain information about areas of memory not normally visible to an attacker. This could include other sensitive data. So as stated above patch your devices as soon as the patch comes out.\u00a0 Those of you with lots of servers \/ devices to look after should prioritize the ones with the most sensitive data.<\/p>\n For the more technical these Common Vulnerabilities and Exposures (CVE) have been explained here on mitre.org :<\/p>\n Spectre\u00a0(bounds check bypass and\u00a0branch target injection):
\nCVE-2017-5753<\/a>\u00a0and\u00a0CVE-2017-5715<\/a><\/p>\n