Microsoft SECURITY THREAT: Spectre and Meltdown


Two new vulnerabilities aimed at Windows users have been recently discovered. “Spectre” and “Meltdown,” target chips designed to make devices run faster. Devices with chips from Intel. AMD, and ARM are at risk. Essentially any Windows operating system device can be targeted.

What do we know?

Microsoft is aware of new vulnerabilities in hardware processors named “Spectre” and “Meltdown.” These are a newly discovered class of vulnerabilities based on a common chip architecture that, when originally designed, was created to speed up computers. The technical name is “speculative execution side-channel vulnerabilities.” These vulnerabilities utilize CPU data cache timing to leak information leading to virtual memory read vulnerabilities.

Who is affected?

Affected chips include those manufactured by Intel, AMD, and ARM, which means all devices running Windows operating systems are potentially vulnerable (e.g., desktops, laptops, cloud servers, and smartphones). Devices running other operating systems such as Android, Chrome, iOS, and MacOS are also affected. We advise customers running these operating systems to seek guidance from those vendors.

So far there have been no known widespread threats but the vulnerability has yet to be patched.

What’s being done to fix it?

As of January 3, 2018, Microsoft released several updates to help protect customers. Microsoft has also deployed updates to secure our cloud services and Internet Explorer and Microsoft Edge browsers. Microsoft will continue to work closely with industry partners including chip makers, device manufacturers, and app vendors.

What steps should I take to protect my devices?

You will need to update both your hardware and your software to address this vulnerability. This includes firmware updates from device manufacturers and, in some cases, updates to your antivirus software as well.

To receive all available protections, follow the steps below to get the latest updates for both software and hardware. As always Datasmith is available anytime to ensure you are protected. 

Before your begin, make sure your antivirus (AV) software is up to date and compatible. Check your antivirus software manufacturer’s website for their latest compatibility information. Antivirus software updates should be installed first. Operating system and firmware updates should follow.

  1. Keep your Windows device up to date by turning on automatic updates.
  2. Check that you’ve installed the January 2018 Windows operating system security update from Microsoft. If automatic updates are turned on, the updates should be automatically delivered to you, but you should still confirm that they’re installed. For instructions, see Windows Update: FAQ
  3. Install available hardware (firmware) updates from your device manufacturer. All customers will need to check with their device manufacturer to download and install their device specific hardware update. See below for a list of device manufacturer websites.