What you need to know.
Researchers recently discovered how to exploit two design flaws in the processors used in most modern computers—Windows, Mac, and Linux machines, as well as many Android and iOS devices. This hardware flaw is present on Intel, AMD, and ARM processors manufactured over the past 10+ years, meaning that every computer on your network, including your workstation, is at risk.
This pair of very similar hardware flaws allow hackers to use malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do this, because they are isolated from each other and from the operating system. This hardware bug breaks that isolation and allows an attacker to bypass certain protections and gain access to any data on your operating system that they normally would be unable to access.
How you could be affected.
It’s important to understand that like any other threat in the past, this vulnerability can’t be exploited if you don’t get malware on your system in the first place.
This means that only if your computer has been infected with malware can hackers exploit this flaw and gain access to the passwords stored in your password manager or browser, your emails, instant messages and even business-critical documents.
What you can do moving forward.
Vendors are releasing patches as quickly as they can, but in the meantime, we recommend following the best practices below:
- Inventory your systems.
- Assess for the biggest system risk(s).
- Apply the patches prioritized based on the risk.
- Make sure not to overlook any shared (virtual) infrastructure.
- Patch web browsers (this one is very important).
And as always, remain calm.
For customers currently under our Dynamic Quest QuestCare Managed IT support plan, we are already in the process of investigating options to help protect your environment so no need for action on your part – just an awareness.
For organizations not under the Dynamic Quest QuestCare Managed IT Support plan, please feel free to contact Cliff Bean at cbean@dynamicquest.com (336-389-4610) and he can help route you to our team that is heading up the process to ensure your technology systems are protected.