There is a good amount of attention already circulating related to the Spectre & Meltdown Vulnerabilities. With the high likelihood of expanded media attention over the next few days I wanted to share some information.
The following site has a good overview and links to some detailed information.
Below are some of the key take-aways:
- These vulnerabilities are hardware based and will impact most computers & servers (Windows, Mac, and Linux).
- The vulnerabilities can be exploited to collect information directly from memory (including passwords, encryption keys, and other sensitive information).
- Patches are being released but carry some cautions.
- Windows patches will not run on systems with in-compatible Anti-Virus (many are not currently compatible).
- The patch can impact performance of the system.
- Virtualized and Cloud environments present higher potential risk due to the nature of the data exposure.
- The potential impact of these vulnerabilities is likely to evolve and grow as time continues.
- Implement patches as they become available.
- Monitor systems for performance & security concerns.
- Check with key software providers/vendors (cloud solutions) on their exposure and mitigations.
- Be watchful for continuing developments.
Mark Ackerly, CISM | Information Security Officer
The University of Vermont
P: 802-656-1174 | [log in to unmask]