Skip to main content
Follow us on twitter Follow us on pintrest Follow us on linkedIn Follow us on instagram Follow us on Flickr
Spectre and Meltdown Information
Mike Heller
Project Manager
Data Center Home

What are Spectre and Meltdown vulnerabilities?
Spectre and Meltdown are names given to two identified vulnerabilities found within the chip sets that power most computers.  Meltdown is specific to Intel and Apple computer processors which are used in almost every personal computer.  This would include Windows computers, MACs and Chromebooks.  In addition to Intel and Apple chips, Spectre can affect almost all processor chips.  Therefore, this vulnerability can be found not only in computers but also in tablets, smart phones or other smart devices.
How are these dangerous to me?
Either of these vulnerabilities might be used to steal sensitive data, such as password, off of your computer, tablet or smart phone. 
Has anyone used Spectre or Meltdown successfully to steal data?
There have been no documented cases where someone successfully exploited these vulnerabilities.
How are these different from other software vulnerabilities that we hear about?
These are different from most computer vulnerabilities in that it is found within the hardware itself.  In order to speed up processing, the chip manufacturers built code right into the chips.  Usually hackers find vulnerabilities within a software program and the software developer then releases a software patch to address the vulnerability.  For example, a vulnerability found in Microsoft Office would be addressed by a security patch issued by Microsoft.  Since Meltdown and Spectre can be targeted to the chip itself, several approaches need to be taken to mitigate the risk.  There will be three levels of patching:
  • Firmware Level (Microcode)
  • Operating System Level
  • Application Level
How can I protect myself?
Hardware and software vendors are releasing patches and updates for Spectre and Meltdown as they are available.  The following two web sites offer a consolidation of information on these two vulnerabilities.  You will find links for many computer companies:
How do I update my firmware?
There are many companies who use the Intel chip sets that are vulnerable to Spectre and Meltdown.  The three manufacturers that are used most at the RIC and districts are:
HP has published microcode updates for many of their servers:  HP Server Firmware
Also, there are microcode updates for many of their laptops and desktops:  HP Workstation Firmware
Dell is offering firmware patches that must be applied to each server or workstation via a BIOS update procedure.
This link is an overview of the DELL response to Spectre and Meltdown:  Dell Response
This link has downloads for each BIOS and installation instructions:  Dell Firmware
Cisco has identified which models are vulnerable to these attacks:  Cisco Update
As mentioned in the Dell articles, the correct sequence of upgrades for VMWare is:
  • Apply the firmware update via BIOS update.
  • Apply the applicable operating system (OS) patch.
  • Apply hypervisor patches, browser and JavaScript engines updates where applicable.
You can get the VMWare patches for recent versions at the following link:  VMWare Patches
A step by step guide for upgrading a VMWare can be found here:  VMWare Guide

How do I upgrade my software to prevent Spectre and Meltdown attacks?
The best thing that you can do is make sure that your computer is up to date regarding your anti-virus software and operating system updates.  The recommended approach is:
  1. Update your anti-virus software and virus signatures.All major Anti-virus providers are adding protection against Spectre and Meltdown.Whether you use Sophos, McAfee, Symantec or any other anti-virus product, follow their procedure to update their software.
Here are some links to some common Antivirus software providers:
  1. Apply any updates from Microsoft, Apple and Google to protect your Operating System.
  • Windows based PCs. Make sure that your system is set for Automatic Updates.  The January 2018 Microsoft Security Updates include a patch that addresses Meltdown and Spectre.  Please note that the Microsoft patch will only be installed on systems whose Anti-Virus software provider has confirmed that they comply with Microsoft software standards.  The vendor must set a registry key that signals to Microsoft that they comply and it is safe to install the security update.  This is why you must update your Anti-virus software first and then update your Operating System.  Click here to view an online spreadsheet that tracks the progress of the Anti-virus providers in their patching and compatibility with Microsoft Updates.
The current patch for Windows 10:Windows 10 Update
The current patch for Windows 7:Windows 7 Update
Here is a Microsoft guide on Updating Windows.
  • MAC computers.  Apple released an Operating System update in December.  Perform any OS upgrades that your computer suggests.  Also, check the App Store for updates to software.  To do this, click the Apple icon in the top left corner, select App Store, click Updates and select the MacOS update.  Also in the App Store, you should update any software package that indicates that an update is available.
Here is an Apple Guide on Updating Mac OS.
  • Chromebooks.  Google announced that it patched their Chrome Operating System on December 15th.
Here is a guide from Google on Updating Chrome OS.

How do I protect my iPad or smart phone?
IPhones and iPads are vulnerable to Meltdown and Spectre.  Apple has issued a patch in December as part of their IOS 11.2 release.  To check and update your version of IOS, open the settings app, select General and then Software Update.  You should also update any software program, such as Safari, that issues a new release.  Click here for an Apple article on updating your Operating System.
Google has pushed out a fix to its own Android devices on January 2nd.If you want to check the software update status on a Google Nexus tablet or Google Pixel phone, Click here.
Other Android based tablets and phones will have to wait until the patches show up for their devices.Click hereto update your Android software manually.Consider purchasing an Android antivirus app and turn off "Unknown sources" in your Security settings.This can be done by opening your Settings app, select security and then uncheck Unknown Sources.
Last updated on 1/23/2018
Proudly serving 50 school districts in the Cayuga-Onondaga, Onondaga-Cortland-Madison, Oswego, and Tompkins-Seneca-Tioga BOCES regions
Meet our Featured Teacher: Tom Sweeney Meet our Featured Teacher: Tom Sweeney:
"Reception for the Woodland STEAM Club has been overwhelmingly positive, with almost 90 students (and counting) participating in club activities since its inception. The ... more >>

From Around the Region: McGraw Second-graders Become Published Authors From Around the Region: McGraw Second-graders Become Published Authors:
     McGraw second graders in Mrs. Rolewicz’s classroom know what it takes to become published authors!  Together - with the help ... more >>

Cortland Third-graders Raising Money to Bring Clean Water to Africa Cortland Third-graders Raising Money to Bring Clean Water to Africa:
The third grade classes, at Barry School, are collecting money for the organization Drop in the Bucket. Drop in the Bucket is an organization that focuses on raising ... more >>

Meet our Featured Teacher: Lauren Hallman Meet our Featured Teacher: Lauren Hallman:
"There has been a big difference in the culture of Lauren's classroom over the past nine months, as she’s transitioned into becoming more of a facilitator rather ... more >>

Public forum May 8 on Student Data Privacy Law Public forum May 8 on Student Data Privacy Law:
Because the protection and privacy of student data is paramount, members of the public will have the opportunity to offer input to state education officials on New York’s student data privacy law, ... more >>

From Around the Region: Hannibal CSD Raises Money for Children's Hospital From Around the Region: Hannibal CSD Raises Money for Children's Hospital:
An annual tradition continued at Fairley Elementary School recently, as students and the school community united to raise money for the Golisano Children’s Hospital. ... more >>

More Stories >>        
About Us
Staff Directory
Districts / BOCES
Help Desk
Staff Only

AV Repair
Data Center
Data Warehouse
Disaster Recovery/Information Security
Financial Services
Food Service Management
Instructional Technology
Local Government Service
Managed Technical Support
Student Services
Test Scoring
Central New York Regional Information Center
6075 East Molloy Road
PO Box 4866
Syracuse, NY 13221

Phone: 315.433.8300
Fax: 315.433.8368

CNYRIC Help Desk
Phone: 315.433.8345
give us feedback
soc audit
Developed by CNYRIC