Protect your Windows Devices against Spectre and Meltdown Vulnerabilities

Spectre Meltdown Protection

The recent vulnerabilities in modern day processors known as “spectre” and “meltdown” were discovered and became mainstream in the news in January of 2018.  Computer Warriors IT Support has been following the developments around patching against these vulnerabilities and have been applying needed patches for machines covered in our protection plans.

It is important to note that these vulnerabilities are still in proof on concept phase – there are no known exploits yet, but it has been proven in test environments that data can be stolen by “tricking” the processor with inherent vulnerabilities in the microcode of the processor.  However, we are taking these threats very seriously and are proactively working to protect your devices.

For our contract clients, we are handling the first two items below at no cost to you.  If you have a peace of mind plan with us, the final updates will also be patched at no cost.  However, you should keep reading to understand the 3rd step you will need to take, or contract us to take, if you truly wish to patch your devices fully from these threats.  If you are not on contract with us, I highly advise you read through this article carefully so that you can patch your own systems, or reach out to us for paid assistance to take care of this for you.

There are several key areas that need to be patched in order to fully protect systems from these vulnerabilities.

  1. First off, some anti-virus programs have caused compatibility issues with Microsoft’s first round of updates to patch against these vulnerabilities in January of 2018.  There are registry keys that need to be added in order for the updates to properly apply.  Information regarding this can be found at the following link, but note that if your devices are managed by us with a protection plan, we have already set this key for you.  https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
  2. Microsoft Windows has several updates that need to be applied.  These should come in automatically from Windows Update Servers, but without the above registry key, the installation may not proceed.  However, some of the most recent microcode updates from Microsoft are only available on the update catalog site, and are not being applied automatically via windows updates.  This is for the 6th generation intel processors for Windows 10 version 1709 and Server version 1709.  We will be applying these patches via scripting for those devices this applies for.  You can find more information here:  https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
  3. Computer systems also need to be updated at the hardware level through BIOS or Firmware updates.  This is the tricky part.  These updates we will not be able to apply automatically.  Please note, there is an inherent risk of updating the BIOS in any computer.  The BIOS update could be faulty, the system could lose power unexpectedly, etc.  If this happens, the computer will be rendered useless until the motherboard is replaced.  If you are comfortable patching your own devices, we have provided links below for many of the current vendors.  Please note, some older systems may not show up on the OEM site list.  If that is the case, your OEM provider may not actually be providing a patch for this vulnerability.  This means you will either need to stay unprotected, or replace your device.  If you would like a quote for a replacement device, please do not hesitate to reach out to us.  Check out our pricing schedule below for performing these BIOS updates:
    1. No Plan / Silver Plan:  $50 per device (min 1 hour trip charge if 2 devices or less)
    2. Gold Plan: $25 per device (min 1 hour trip charge if 4 devices or less)
    3. Peace of Mind Plan: FREE – contact us for scheduling

 

OEM Device Manufacturers

Link to microcode availability
Acer https://us.answers.acer.com/app/answers/detail/a_id/53104
Asus https://www.asus.com/News/YQ3Cr4OYKdZTwnQK
Dell https://www.dell.com/support/meltdown-spectre
Epson http://www.epsondirect.co.jp/support/information/2018/secure201801b.asp
Fujitsu
HP https://support.hp.com/document/c05869091
Lenovo https://support.lenovo.com/us/en/solutions/len-18282
LG https://www.lg.com/us/support
NEC http://jpn.nec.com/security-info/av18-001.html
Panasonic https://pc-dl.panasonic.co.jp/itn/vuln/g18-001.html
Samsung http://www.samsung.com/uk/support/newsalert/102095
Surface Surface Guidance to protect against speculative execution side-channel vulnerabilities
Toshiba http://go.toshiba.com/intel-side-channel
Vaio https://solutions.vaio.com/3316

 

Server OEM Manufacturers Link to microcode availability 
Dell https://www.dell.com/support/meltdown-spectre
Fujitsu http://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html
HPE http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html
Huawei http://www.huawei.com/au/psirt/security-notices/huawei-sn-20180104-01-intel-en
Lenovo https://support.lenovo.com/us/en/solutions/len-18282

If you want some “light” reading on the topic, you can find all the details here:  https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html

Also, Microsoft has a full article regarding this at the following link including FAQs:

https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

If you have any questions, reach out to us at 910-726-1595, or you can E-mail [email protected] to create a ticket in our help desk portal.  Remember, here at Computer Warriors IT Support, “We are in I.T. Together!”

Tags:

Leave a Reply