Security Alert & Update: Meltdown and Spectre Flaws
As needed, DoxTek provides important Security Alerts to our customers and business partners. Earlier this week DoxTek was made aware of the recently disclosed “Meltdown” and “Spectre” flaws that have potential to impact most personal and business computer hardware central processing units/microchips used today. These flaws could allow hackers access to sensitive data like user information, passwords, or business-critical documentation. Devices connected to the cloud may also be at risk.
- Meltdown affects Intel chips in laptops, desktop computers, and internet servers. Although this issue is easier to exploit, it is also easier to patch.
- Spectre affects Intel, ARM, and AMD chips in smartphones, tablets, and computers. This flaw is more difficult for hackers to exploit, but “Spectre” is also more difficult to mitigate and may require hardware changes.
We would like to share some status updates and links you can follow for more information, the patches that major operating system providers have released, and some actions you can take to safeguard your organization.
- Windows OS: Microsoft has issued a patch update for Windows 10 and below. The patch addresses over 50 issues and we highly recommend this update for Intel-based systems. If you use an AMD system, ensure you back up your data and have a recovery plan in place, as there have been reports of the update causing the “blue screen of death”.
- Microsoft Edge/Internet Explorer Browser: The most recent version of Edge and IE include fixes for the bugs.
- Apple macOS, iOS: Apple has released a patch to reduce the effects of “Meltdown” in the latest iPhone and iPad OS update – iOS 11.2 and macOS 10.13.2.
- Safari Browser: Apple reports that an update to its Safari browser will be coming soon.
- Google Chrome: Google has the Chrome 64 update which will be released on January 23, 2018. In the meantime, Google offers an experimental feature “Site Isolation” that protects against some types of security bugs.
- Google Cloud: Google has updated their public cloud services but customers should also perform updates to their operating systems.
- Firefox Browser: Mozilla has released Firefox version 57.0.4 to mitigate these risks.
- AWS: Amazon released a patch in December 2017 that will mitigate the risks of “Meltdown” and they recommend customers patch their operating systems.
- ViaWest has communicated to DoxTek that they are “actively prioritizing fixes based on published criticality and applying updates to its infrastructure to address this vulnerability.” Also “ViaWest has not received any information to indicate that these vulnerabilities have been used to attack us or our clients.” Updates and notifications will be communicated to DoxTek hosted customers as they are received.
Actions you can take:
- Test and apply patches and updates that are recommended by your key hardware/software vendors (i.e. Microsoft, Apple, Google, etc.) and reboot those devices when complete so the patches are fully in place.
- Only download software from “trusted sources”.
- Avoid emails from unknown senders and suspicious links.
- Install an ad blocker on your web browser to protect yourself from ads containing malware.
- Have a designated IT team member to whom you can report potential security risks.
- Don’t wait to make these changes. The patches are intended to protect consumers from potential risk and though there have been no reports of data breaches, the risk still exists.
If you have questions or concerns on how the “Meltdown” and “Spectre” exploits and flaws may affect your organization and your DoxTek supplied software, please contact DoxTek’s Technical Support team at (866) 678-8400 or contact your Account Manager to request a System Health Check. During a health check, the DoxTek team will determine if your infrastructure, software versions, usage statistics, and process flows are all performing as they should. Make sure your organization is as protected as possible by taking the recommended steps today!