Everything you want to know about the two of the newest vulnerablities Meltdown and Spectre
2018’s start has been a quite shaky for the computer world due to the fact of exposing two of the dangerous vulnerabilities discovered in the Computer system. If you have missed, here is a short story on what the vulnerabilities are.
In Short-What are these Vulnerabilities
Codenamed Meltdown and Spectre, these vulnerabilities allow a program to access data from another program or the reserved area of the OS, which it should not do so. Through a malicious code, one can access the data of another program, for example, a program can access the memory area of Google Chrome that has saved all your passwords. Meltdown vulnerability concerns the breach of OS level things and Spectre concerns program to program data breach through a code.
This vulnerability is hardware level so it concerns everything including your PC, Apple product, Android phone etc.
Who discovered them?
Meltdown vulnerability is discovered by three teams-Google Project Zero, Cyberus Technology and Graz University of Technology.
Spectre, on the other hand, is discovered by Google Project Zero and other universities(See here)
Who is affected?
All the modern systems made till date are vulnerable from either of the two. This includes Intel, AMD, and ARM.
What do I need to do?
Isolating against these vulnerabilities is something not achieved by patching the OS. A microcode update is also needed, that can come through BIOS update. However, Patching OS is a necessity and must be done (Acts as Step 1 of 2 you need to do)
So you need to
- Update the OS with 2018-01 Security updates.
- Keep Antivirus updated
- Update the firmware of the device. Consult the maker of the device for this.
Does it affect the performance of my Computer?
In Short, yes. For older systems, Microsoft says the performance might degrade up to 30 percent before however, you might notice a performance change on new modern processors. Please read the Blog post of Terry Myresonhere:
I am having an AMD System but I am not getting this update
Starting with 08.01.2017, Microsoft has temporarily blocked this update for AMD based systems due to the number of problems reported. If you are having problems after this update, use System Restore to undo the update operation. You can read more about this here:
You can read what Microsoft says about this vulnerability: