Meltdown and Spectre Threat – 1/8/18

At the end of last week, researchers discovered two new major vulnerabilities, now known as Meltdown and Spectre, which affect most computing devices made in the past two decades. We want to keep you and your company up to speed with what these are and how Infranet is helping to mitigate your risk. We thank you for the opportunity to serve and support you, your end users, and your business.

Threat/Vulnerability Overview
Meltdown and Spectre are the result of a flaw with multiple computer chip makers that allows information to be exposed to unauthorized processes; these flaws break basic security for practically all computers. Modern computer processors are designed to predict what task they will be asked to execute and rapidly access multiple areas of memory at the same time. Computer chips are supposed to protect and isolate instructions to ensure that data cannot be exposed, but researchers found there to be instances where this does not hold true. Because of their widespread impact and severity, these are critical security flaws.

What does this mean for you as an I-Care Managed Services Customer?
There’s good news if you are an Infranet I-Care Managed Services client!

Although the vulnerabilities and their patching are complicated and require coordination amongst major software makers – antivirus software must permit the operating system to apply the update, and the operating system in turn must permit updates for additional products. Infranet’s I-Care antivirus software was updated last week, and initial patches to major software products – including Microsoft Windows and SQL, Internet Explorer, and Edge – have already been released and applied by the I-Care agent to systems that were online over the weekend.

To ensure that all devices are patched as rapidly as possible, if you are an I-Care Managed Services customer, we ask that you please leave your machine on during the night so that we can deliver the patches to secure your device. If your computers were on during the weekend, then you should have already received the patch. We will be confirming the delivery of patches by company and computer during the week of January 8 and remediating systems with problems. If you have questions, please reach out to your account manager and they will be more than happy to assist.

What if I am not an I-Care Managed Services Customer?
If you are not an I-Care Managed Services customer, we will not be able to automate the patches for your end users, but can still help with manual patching of your systems. We are dedicated to keeping your employees and company safe from security threats no matter if you are managed or not. Please reach out to your account manager or any member of the Infranet team and we will be glad to assist.

We have seen an increase in threats over the past year and we don’t see that trend changing anytime soon. If you would like to discuss protecting your environment with proactive support and automation, please don’t hesitate to reach out to us at [email protected] or (910) 392-0944.