Skip to main content
heading
Follow us on twitter Follow us on pintrest Follow us on linkedIn Follow us on instagram Follow us on Flickr
Spectre and Meltdown Information
Mike Heller
Project Manager
mheller@cnyric.org
315-433-8371
Data Center Home
               

What are Spectre and Meltdown vulnerabilities?
Spectre and Meltdown are names given to two identified vulnerabilities found within the chip sets that power most computers.  Meltdown is specific to Intel and Apple computer processors which are used in almost every personal computer.  This would include Windows computers, MACs and Chromebooks.  In addition to Intel and Apple chips, Spectre can affect almost all processor chips.  Therefore, this vulnerability can be found not only in computers but also in tablets, smart phones or other smart devices.
How are these dangerous to me?
Either of these vulnerabilities might be used to steal sensitive data, such as password, off of your computer, tablet or smart phone. 
Has anyone used Spectre or Meltdown successfully to steal data?
There have been no documented cases where someone successfully exploited these vulnerabilities.
How are these different from other software vulnerabilities that we hear about?
These are different from most computer vulnerabilities in that it is found within the hardware itself.  In order to speed up processing, the chip manufacturers built code right into the chips.  Usually hackers find vulnerabilities within a software program and the software developer then releases a software patch to address the vulnerability.  For example, a vulnerability found in Microsoft Office would be addressed by a security patch issued by Microsoft.  Since Meltdown and Spectre can be targeted to the chip itself, several approaches need to be taken to mitigate the risk.  There will be three levels of patching:
  • Firmware Level (Microcode)
  • Operating System Level
  • Application Level
How can I protect myself?
Hardware and software vendors are releasing patches and updates for Spectre and Meltdown as they are available.  The following two web sites offer a consolidation of information on these two vulnerabilities.  You will find links for many computer companies:
 
How do I update my firmware?
There are many companies who use the Intel chip sets that are vulnerable to Spectre and Meltdown.  The three manufacturers that are used most at the RIC and districts are:
HP
HP has published microcode updates for many of their servers:  HP Server Firmware
Also, there are microcode updates for many of their laptops and desktops:  HP Workstation Firmware
 
DELL
Dell is offering firmware patches that must be applied to each server or workstation via a BIOS update procedure.
This link is an overview of the DELL response to Spectre and Meltdown:  Dell Response
This link has downloads for each BIOS and installation instructions:  Dell Firmware
 
Cisco
Cisco has identified which models are vulnerable to these attacks:  Cisco Update
 
VMWare
As mentioned in the Dell articles, the correct sequence of upgrades for VMWare is:
  • Apply the firmware update via BIOS update.
  • Apply the applicable operating system (OS) patch.
  • Apply hypervisor patches, browser and JavaScript engines updates where applicable.
You can get the VMWare patches for recent versions at the following link:  VMWare Patches
A step by step guide for upgrading a VMWare can be found here:  VMWare Guide

 
How do I upgrade my software to prevent Spectre and Meltdown attacks?
The best thing that you can do is make sure that your computer is up to date regarding your anti-virus software and operating system updates.  The recommended approach is:
  1. Update your anti-virus software and virus signatures.All major Anti-virus providers are adding protection against Spectre and Meltdown.Whether you use Sophos, McAfee, Symantec or any other anti-virus product, follow their procedure to update their software.
 
Here are some links to some common Antivirus software providers:
   
  1. Apply any updates from Microsoft, Apple and Google to protect your Operating System.
 
  • Windows based PCs. Make sure that your system is set for Automatic Updates.  The January 2018 Microsoft Security Updates include a patch that addresses Meltdown and Spectre.  Please note that the Microsoft patch will only be installed on systems whose Anti-Virus software provider has confirmed that they comply with Microsoft software standards.  The vendor must set a registry key that signals to Microsoft that they comply and it is safe to install the security update.  This is why you must update your Anti-virus software first and then update your Operating System.  Click here to view an online spreadsheet that tracks the progress of the Anti-virus providers in their patching and compatibility with Microsoft Updates.
 
The current patch for Windows 10:Windows 10 Update
The current patch for Windows 7:Windows 7 Update
 
Here is a Microsoft guide on Updating Windows.
 
  • MAC computers.  Apple released an Operating System update in December.  Perform any OS upgrades that your computer suggests.  Also, check the App Store for updates to software.  To do this, click the Apple icon in the top left corner, select App Store, click Updates and select the MacOS update.  Also in the App Store, you should update any software package that indicates that an update is available.
Here is an Apple Guide on Updating Mac OS.
  • Chromebooks.  Google announced that it patched their Chrome Operating System on December 15th.
Here is a guide from Google on Updating Chrome OS.

 
How do I protect my iPad or smart phone?
IPhones and iPads are vulnerable to Meltdown and Spectre.  Apple has issued a patch in December as part of their IOS 11.2 release.  To check and update your version of IOS, open the settings app, select General and then Software Update.  You should also update any software program, such as Safari, that issues a new release.  Click here for an Apple article on updating your Operating System.
 
Google has pushed out a fix to its own Android devices on January 2nd.If you want to check the software update status on a Google Nexus tablet or Google Pixel phone, Click here.
 
Other Android based tablets and phones will have to wait until the patches show up for their devices.Click hereto update your Android software manually.Consider purchasing an Android antivirus app and turn off "Unknown sources" in your Security settings.This can be done by opening your Settings app, select security and then uncheck Unknown Sources.
 
Last updated on 1/23/2018
Proudly serving 50 school districts in the Cayuga-Onondaga, Onondaga-Cortland-Madison, Oswego, and Tompkins-Seneca-Tioga BOCES regions
READ
OCM BOCES Hosts American Sign Language Rally OCM BOCES Hosts American Sign Language Rally:
On Apr. 16, Onondaga-Cortland-Madison (OCM) BOCES and the Central New York Regional Information Center (CNYRIC) partnered to host the American Sign Language (ASL) Rally, held at the OCM BOCES campus. ... more >>

Meet our Featured Teacher: Jessica Matzke Meet our Featured Teacher: Jessica Matzke:
" When integrating technology into her classroom, Jessica always wants it to be fun and interactive, but she also wants it to 'do more' than simply replace what ... more >>

From Around the Region: Solvay Kindergarten Students Combine STEM and the Gingerbread Man From Around the Region: Solvay Kindergarten Students Combine STEM and the Gingerbread Man:
How did the Gingerbread Man cross the river? Students from Solvay Elementary School worked together using their science, technology, engineering, and math (STEM) and social ... more >>

From Around the Region: Cortland Students Visit OCM BOCES From Around the Region: Cortland Students Visit OCM BOCES:
It’s never too early to think about your future… and having some hopes and dreams is important to leading a healthy life. All of our junior high students ... more >>

OCM BOCES Video Highlights Changes to NYS Learning Standards for 2018 OCM BOCES Video Highlights Changes to NYS Learning Standards for 2018:
The Onondaga-Cortland-Madison (OCM) BOCES has created a video that focuses on the New York State Learning Standards, discussing their purpose and highlighting some of ... more >>

Marcellus students craft reusable Marcellus students craft reusable "Boomerang Bags" for local shoppers:
A collaborative sustainability project undertaken by Marcellus students in grades 7-12 culminated this week with the presentation of a “Boomerang Bags” box ... more >>

More Stories >>        
FOLLOW
INSPIRE
...
Quicklinks
Services
About Us
Directions
Contact
Staff Directory
Districts / BOCES
Help Desk
Events
News
Staff Only
Vendors


Privacy
Departments
AV Repair
Data Center
Data Warehouse
Disaster Recovery/Information Security
e-Communications
Financial Services
Food Service Management
Instructional Technology
Local Government Service
Managed Technical Support
Network/Telecom/E-Rate
Printing
Student Services
Test Scoring
Central New York Regional Information Center
6075 East Molloy Road
PO Box 4866
Syracuse, NY 13221

Phone: 315.433.8300
Fax: 315.433.8368

CNYRIC Help Desk
Phone: 315.433.8345
Email: helpdesk@cnyric.org
give us feedback
soc audit
Developed by CNYRIC