Meltdown and Spectre - The Phantom Menaces

By now, I am sure that you have heard the news about the horrors that have befallen the IT world in the form of Meltdown and Spectre. While these are serious vulnerabilities requiring prompt and thorough remediation, let me start by saying that the 24-hour news cycle did what it often does and stirred panic before panic was warranted. With that being said, I would rather they do that than quietly slide the info in on the crawler because this is, without a doubt, the single-most dangerous vulnerability ever found in modern computers.

Don't believe me? Well just imagine a scenario where a single hacker (that's right, one guy) signs up for a free cloud instance from Amazon, runs some code and quickly gains access to every single piece of data in the memory of millions of OTHER businesses and government servers. Credit cards, social security numbers, and billions of other records. That's the potential. And that was technically possible.

So why not panic? Because there's more to the story than the sensational headlines.

We have been working with our software partners as well as monitoring the developments from the affected global leaders (Microsoft, Apple, Intel & AMD) to make sure we are doing what we can to prepare, test and deploy fixes. There are several reasons not to lose sleep. The nightmare Amazon scenario above has already been mitigated because the world's biggest cloud providers already addressed the issue before the general public even knew about it. Neither Webroot nor SentinelOne (our antivirus providers) have seen any indication that there are exploits of Meltdown or Spectre in the wild yet. And these exploits are 2nd-level exploits meaning the attacker would need to already have access to the system or need to have tricked a user into visiting an infected website in order to cause any harm. Thanks to the concerted global effort to quickly identify and patch these vulnerabilities plus the fact that these vulnerabilities did not include a direct attack vector (the hackers have to wait until you make a mistake), it appears that the world will likely be spared the effects of what otherwise would likely have been the world’s worst “hack” to date.

But we are not out of the woods yet. The Microsoft patch that addresses these vulnerabilities will NOT install unless a specific registry key is set. Webroot will be rolling out an update tomorrow that will set that key for you or you could install the registry key manually at any time. Given all of these circumstances, we have opted to wait for the update from Webroot tomorrow. At the time of this post, SentinelOne has not published a plan to automate the registry key so we have already pushed the registry key to those clients running SentinelOne. We also pushed the registry key to a few key machines that we felt warranted special attention and/or were candidates for testing the patch. So far, we have not seen any ill effects (always a danger with a fast-publish update like this one). As of right now, we have about 10% deployment of the Microsoft patch and we expect that number to jump to over 75% tomorrow by the end of the day, after Webroot updates. The biggest thing holding that deployment number down will be machines that are offline which, obviously, can’t be exploited anyway and which will be updated as soon as they come back online.

Vulnerabilities like Meltdown and Spectre are exactly why everyone should partner with a good Managed IT Service Provider and exactly why we push out patches every single day, quietly protecting your IT investment from the constant barrage of threats. But patches are just once piece of the overall IT security puzzle. By partnering with Technology One, you have a team of IT professionals working 24 hours a day, 7 days a week to manage every aspect of your network security including patching, antivirus, SPAM filtering, internet content filtering, off-site backups and more. We even delve into the Dark Web to root out those evildoers who would sell your valuable credentials should they ever gain access to them by using Meltdown, Spectre or the latest virus du jour. (Requires a Gold Service Plan).

For the technical types, more info can be found by clicking here.

Stay vigilant, be careful what websites you visit (only click links in emails from PEOPLE YOU TRUST and only click links that you are EXPECTING to receive) and rest easy knowing that Technology One has you covered!

Regards,

Bryan