Researchers have recently disclosed two industry-wide, hardware-based vulnerabilities in modern processors.
These vulnerabilities, named Meltdown and Spectre, make it possible for programs to steal data that is being processed on your computer. They impact many different computing systems, including servers, desktops, laptops, and Cloud computers, and allow malicious programs to access data that is stored in the memory of other running programs. This can include (but is not limited to) passwords, emails, instant messages, and other critical documents.
For more information about the Meltdown and Spectre vulnerabilities, see:
- Microsoft's Response
- Google's Response
- Technical details for Meltdown (CVE-2017-5754: Rogue data cache load) and Spectre (CVE-2017-5753: Branch target injection / CVE-2017-5715: Bounds-check bypass)
Operating system fixes
Sparkrock's Cloud customers are protected from the Meltdown vulnerability by the Microsoft Azure updates that Microsoft applied overnight on January 3rd, 2018. Microsoft is also continuing to monitor Azure services and will further tune its response as required. Sparkrock will verify that all operating system updates have been applied to your environment.
On-premises customers should ensure that their servers and desktop systems have the latest Microsoft updates applied. Windows 10 updates are provided by update KB4056890, which is automatically pushed to the systems and applied on restart. Please be aware that there are currently some known issues with this update (see the Known Issues with Update section in the link provided for more information).
Customers using Windows 10 should update their operating system immediately. Windows 7 and 8 operating systems will be updated on Tuesday, January 9th; your IT team can also obtain these updates directly from Microsoft if you wish to apply them now. Windows Server operating system updates are being actively published by Microsoft. More specific and up-to-date guidance for your IT team can be found on the Microsoft Support site (see Windows Client Guidance and Windows Server Guidance as appropriate).
macOS users should update their operating system to version 10.13.2 or later.
Most Linux providers are still composing their response. See your individual Linux distribution provider for more details.
Google Chrome: Update your browser to the latest version. To do this, open the Help menu and select About Google Chrome. The update is automatically applied. Google also recommends using Site Isolation.
Mozilla Firefox: All Firefox users should upgrade their browsers to Firefox 57. For more information, see here.
Microsoft Browsers: Microsoft Edge and Internet Explorer automatically update when you download and apply the operating system updates. For more information, see here.
Your IT team should also evaluate whether a firmware update should be applied to your computer systems. Intel firmware updates should be released shortly by your computer hardware vendors. Note that applying a BIOS fix is a technical operation best performed by your IT team. We also expect that the major hardware vendors will provide a tool to simplify the application of the necessary fixes in the near future.
The industry response to the Spectre and Meltdown vulnerabilities is still evolving. The security of Sparkrock's customers' information is our top priority. We will continue to monitor the situation closely and make updates to this page as more information is released.