Skip to main content
heading
Follow us on twitter Follow us on pintrest Follow us on linkedIn Follow us on instagram Follow us on Flickr
log in Events
Spectre and Meltdown Information
Mike Heller
Project Manager
mheller@cnyric.org
315-433-8371
Data Center Home
               

What are Spectre and Meltdown vulnerabilities?
Spectre and Meltdown are names given to two identified vulnerabilities found within the chip sets that power most computers.  Meltdown is specific to Intel and Apple computer processors which are used in almost every personal computer.  This would include Windows computers, MACs and Chromebooks.  In addition to Intel and Apple chips, Spectre can affect almost all processor chips.  Therefore, this vulnerability can be found not only in computers but also in tablets, smart phones or other smart devices.
How are these dangerous to me?
Either of these vulnerabilities might be used to steal sensitive data, such as password, off of your computer, tablet or smart phone. 
Has anyone used Spectre or Meltdown successfully to steal data?
There have been no documented cases where someone successfully exploited these vulnerabilities.
How are these different from other software vulnerabilities that we hear about?
These are different from most computer vulnerabilities in that it is found within the hardware itself.  In order to speed up processing, the chip manufacturers built code right into the chips.  Usually hackers find vulnerabilities within a software program and the software developer then releases a software patch to address the vulnerability.  For example, a vulnerability found in Microsoft Office would be addressed by a security patch issued by Microsoft.  Since Meltdown and Spectre can be targeted to the chip itself, several approaches need to be taken to mitigate the risk.  There will be three levels of patching:
  • Firmware Level (Microcode)
  • Operating System Level
  • Application Level
How can I protect myself?
Hardware and software vendors are releasing patches and updates for Spectre and Meltdown as they are available.  The following two web sites offer a consolidation of information on these two vulnerabilities.  You will find links for many computer companies:
 
How do I update my firmware?
There are many companies who use the Intel chip sets that are vulnerable to Spectre and Meltdown.  The three manufacturers that are used most at the RIC and districts are:
HP
HP has published microcode updates for many of their servers:  HP Server Firmware
Also, there are microcode updates for many of their laptops and desktops:  HP Workstation Firmware
 
DELL
Dell is offering firmware patches that must be applied to each server or workstation via a BIOS update procedure.
This link is an overview of the DELL response to Spectre and Meltdown:  Dell Response
This link has downloads for each BIOS and installation instructions:  Dell Firmware
 
Cisco
Cisco has identified which models are vulnerable to these attacks:  Cisco Update
 
VMWare
As mentioned in the Dell articles, the correct sequence of upgrades for VMWare is:
  • Apply the firmware update via BIOS update.
  • Apply the applicable operating system (OS) patch.
  • Apply hypervisor patches, browser and JavaScript engines updates where applicable.
You can get the VMWare patches for recent versions at the following link:  VMWare Patches
A step by step guide for upgrading a VMWare can be found here:  VMWare Guide

 
How do I upgrade my software to prevent Spectre and Meltdown attacks?
The best thing that you can do is make sure that your computer is up to date regarding your anti-virus software and operating system updates.  The recommended approach is:
  1. Update your anti-virus software and virus signatures.All major Anti-virus providers are adding protection against Spectre and Meltdown.Whether you use Sophos, McAfee, Symantec or any other anti-virus product, follow their procedure to update their software.
 
Here are some links to some common Antivirus software providers:
   
  1. Apply any updates from Microsoft, Apple and Google to protect your Operating System.
 
  • Windows based PCs. Make sure that your system is set for Automatic Updates.  The January 2018 Microsoft Security Updates include a patch that addresses Meltdown and Spectre.  Please note that the Microsoft patch will only be installed on systems whose Anti-Virus software provider has confirmed that they comply with Microsoft software standards.  The vendor must set a registry key that signals to Microsoft that they comply and it is safe to install the security update.  This is why you must update your Anti-virus software first and then update your Operating System.  Click here to view an online spreadsheet that tracks the progress of the Anti-virus providers in their patching and compatibility with Microsoft Updates.
 
The current patch for Windows 10:Windows 10 Update
The current patch for Windows 7:Windows 7 Update
 
Here is a Microsoft guide on Updating Windows.
 
  • MAC computers.  Apple released an Operating System update in December.  Perform any OS upgrades that your computer suggests.  Also, check the App Store for updates to software.  To do this, click the Apple icon in the top left corner, select App Store, click Updates and select the MacOS update.  Also in the App Store, you should update any software package that indicates that an update is available.
Here is an Apple Guide on Updating Mac OS.
  • Chromebooks.  Google announced that it patched their Chrome Operating System on December 15th.
Here is a guide from Google on Updating Chrome OS.

 
How do I protect my iPad or smart phone?
IPhones and iPads are vulnerable to Meltdown and Spectre.  Apple has issued a patch in December as part of their IOS 11.2 release.  To check and update your version of IOS, open the settings app, select General and then Software Update.  You should also update any software program, such as Safari, that issues a new release.  Click here for an Apple article on updating your Operating System.
 
Google has pushed out a fix to its own Android devices on January 2nd.If you want to check the software update status on a Google Nexus tablet or Google Pixel phone, Click here.
 
Other Android based tablets and phones will have to wait until the patches show up for their devices.Click hereto update your Android software manually.Consider purchasing an Android antivirus app and turn off "Unknown sources" in your Security settings.This can be done by opening your Settings app, select security and then uncheck Unknown Sources.
 
Last updated on 1/23/2018
Proudly serving 50 school districts in the Cayuga-Onondaga, Onondaga-Cortland-Madison, Oswego, and Tompkins-Seneca-Tioga BOCES regions
READ
From Around the Region: Baker Senior Selected for Prestigious Orchestra:
Parker Bruce, a senior at Baker High School, has been invited to perform with the NYO2, a program of the Weill Music Institute of Carnegie Hall. Selection for the orchestra ... more >>

Meet our Featured Teacher: Kimberly Kanuck:
"By giving students the digital tools to start a project from inception to completion, Kimberly introduced them to entirely new ways of integrating technology into their ... more >>

From Around the Region: C-NS students building energy-efficient car for Eco Competition:
The Performance Engineering Team at Cicero-North Syracuse High School is a group of ambitious, hard-working students who meet every day after school and work together to build energy-efficient vehicles. ... more >>

CNYRIC's "Beyond the Buzz" Featured in NYSED Newsletter:
The New York State Education Department (NYSED) recently featured the CNYRIC's work with one-to-one (1:1) computing in the  January 2018  edition of its ... more >>

From Around the Region: Liverpool Students and Staff Participate in Hour of Code:
Coding has become one of the most important job skills employers seek in potential workers and it’s a skill gaining importance in fields beyond technology.  ... more >>

Meet our Featured Teacher - Alaina Weinsztok:
"Through the integration of technology into classroom and lab activities, Alaina's students gained invaluable skills that they’ll carry with them well beyond high ... more >>

More Stories >>        
FOLLOW
INSPIRE
...
Quicklinks
Services
About Us
Directions
Contact
Staff Directory
Districts / BOCES
Help Desk
Events
News
Staff Only
Vendors


Privacy
Departments
AV Repair
Data Center
Data Warehouse
Disaster Recovery/Information Security
e-Communications
Financial Services
Food Service Management
Instructional Technology
Local Government Service
Managed Technical Support
Network/Telecom/E-Rate
Printing
Student Services
Test Scoring
Central New York Regional Information Center
6075 East Molloy Road
PO Box 4866
Syracuse, NY 13221

Phone: 315.433.8300
Fax: 315.433.8368

CNYRIC Help Desk
Phone: 315.433.8345
Email: helpdesk@cnyric.org
give us feedback
soc audit
Developed by CNYRIC