What are the vulnerabilities?
A design flaw in computer processors (CPUs) announced earlier this week introduced two vulnerabilities, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).
Meltdown primarily affects Intel CPUs, and demo code has been released to exploit the vulnerability. Many vendors have already released patches to address Meltdown. Because of the nature of the vulnerability, these patches may impact performance. Spectre affects not only Intel processors but also AMD and ARM processors. This flaw is harder for attackers to exploit, but may be more difficult for companies to fix.
What is the risk?
These bugs could allow hackers to steal data from your devices through malicious software or a hacked website; however, there are currently no reports of these vulnerabilities being exploited by hackers. These vulnerabilities affect computer hardware dating to the mid-1990s, so updates to operating systems such as Windows, macOS, Linux, Android, and iOS are required to protect devices from these flaws.
What should I do?
Patching this vulnerability on servers, endpoints, and mobile devices is the only way to ensure it will not be exploited. Due to the large number of systems impacted, patching solutions will vary in both availability and potential impact. Denison ITS staff will test and deploy patches to College-managed technology resources (including College-owned computers), prioritizing based on system criticality.
For your personally owned devices — including smartphones, tablets, home computers, etc. — we recommend you use your device’s software update feature to make sure you are updated to the latest versions. This includes updating web browsers like Chrome and Firefox to the latest versions, which contain some protections against Spectre and Meltdown. Some manufacturers will be releasing updates in the weeks to come, so we recommend you continue to check your device’s update features for new versions. If you are running an old, unsupported operating system, you may need to update to a newer operating system version.