What are they?

New vulnerabilities called  Meltdown and Spectre have been found in computer processors  built after 2009 that allow a program to steal data from your computer system’s memory without your permission or knowledge.  It affects everything that has a computer processor including your computer, tablet, phone and IoT (Internet of things such as a smart thermostat).

Why should I be concerned?

These vulnerabilities have the potential to allow hackers to covertly fetch sensitive information  such as passwords from system memory allowing access to your online banking, social networking accounts and the like. To make matters worse, the attack can be made via your browser.

How is the problem fixed?

As these vulnerabilities are in the main processing chip on the computer, the ultimate fix will be to change the processor codes, the firmware or the chip itself.  However, the problem can be mitigated by modifying how the software interacts with the processor. As a result, software and hardware vendors are currently developing patches for these vulnerabilities.

What is IT Services doing about it?

We are following our standard processes to manage the patches for these vulnerabilities.

What do I have to do?

You do not need to update your workstation, it will be done by the MRU patch management process.  Your regular updates include all required patches. If you have a Mount Royal laptop or device and you aren’t sure that it is getting updated, please visit the IT Service Desk.

Install updates for all your personal portable devices and home machines as soon as they become available.  Make sure that your browser is updated as well. Please note that not all anti-virus programs are compatible with Microsoft’s latest updates. If your machine has incompatible anti-virus software, the Microsoft updates will not be uploaded and your machine will be left vulnerable. Check your anti-virus program’s website to see if it is compatible.

Make sure you visit official/trusted websites to get your updates or use the update feature from within your software.  We do not recommend clicking on links and opening attachments in emails claiming to have a link to the latest updates or patches.  Criminals may take this opportunity to send out fake security patch or update emails with malicious links to try and trick you into downloading their malware.

For more details on the vulnerabilities, check out the sources for this article:

• https://security.ias.edu/what-im-doing-about-meltdown-and-spectre
• https://blog.barkly.com/meltdown-spectre-bugs-explained?utm_source=hs_email&utm_medium=email&utm_content=59793819&_hsenc=p2ANqtz-8rqyrd29_vLfOEF9J8ljck2Ww_K7aagIHFIJ6xJd2S0B99cx9imk-7aLq4YL-juWfpdGSfmP80d0yBSK_4WRBT2l-I3A&_hsmi=59793819
• https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/
• http://bgr.com/2018/01/05/meltdown-spectre-fix-windows-patch-anti-virus-updates/