In 2017, information security researchers from Google’s Project Zero and from European universities stumbled upon two major vulnerabilities in the architecture of microprocessors manufactured by Intel, Advanced Micro Devices, and other major chip makers. The two flaws are known as Meltdown and Spectre, and they could potentially present security risks to users of desktops, laptops, tablets, and smartphones powered by Microsoft, Apple and Linux operating systems.

Major Hardware Vulnerabilities Revealed

These two vulnerabilities could allow hackers to develop malware that would target the way the CPU processes information handled by the kernel, which is the core system of a computing device providing an interface between software applications and the hardware. In essence, an attacker who understands the Spectre and Meltdown flaws could spy on the data being processed within the system’s memory without exception.

[su_note note_color=”#F4f4f4″]The most worrisome aspect of this discovery is that it affects all systems designed to work in the x86 computing architecture developed by Intel, which means that virtually all modern computing devices could be compromised since CPU manufacturers follow the x86 model. The fact that Spectre and Meltdown could affect Linux distributions is of high concern since more than 80 percent of servers around the world run on various Debian and Fedora versions. Major cloud computing operators such as Google, Microsoft and Amazon moved quickly to patch their data centers and protect them against this issue.[/su_note]

Solutions to Looming Malware Threats

Although no malware taking advantage of Meltdown or Spectre has been reported, information security firms and antivirus software developers are rushing to come up with solutions. The burden is on operating systems developers, and it has been problematic for Microsoft thus far. In a bulletin published in early 2018, the company explained that security patches would be suspended until certain antivirus software developers updated their applications to include a specific registry key. As of January 8, for example, popular antivirus suites such as AVG, Kaspersky, and F-Secure had complied with the registry key inclusion as part of their regular updates; however, McAfee and BitDefender Gravity Zone had not, which means that certain Windows users would not receive their scheduled security update for January.

Some Windows 10 users who upgraded their Athlon AMD machines in recent years reported that they could not boot their systems after the January security update addressing Spectre and Meltdown; for this reason, Microsoft froze its AMD patching efforts until further notice.

If your Windows system in the High Desert is having problems with the latest Microsoft updates, contact A Plus Computers for a solution.