Netrix Security Operations is advising our customers of an important security vulnerability affecting nearly any device running an Intel or AMD chipset. The vulnerabilities are named Spectre and Meltdown, and also have a dedicated website. The vulnerability is in the chips themselves, the hardware, and therefore affects all operating systems (Windows, Mac, Linux). It will also likely affect many networking devices that run embedded vulnerable hardware. A major flaw in the way modern CPUs access cache memory could allow one program to access data from another program. The latest security vulnerability affects a majority of systems, if not all, used today.
1. Scanning your network using vulnerability scanning tools – Netrix partners with Tenable, and can assist you in running these scans, and identify which systems are vulnerable. Read more here.
2. Patching affected vulnerable systems as operating systems vendors release patches. Please note, not all vendors have released patches yet.
3. Harden / reconfigure systems (also address vulnerability issues).
4. Repeat #1 – verify there aren’t any remaining vulnerabilities or unpatched systems that were missed. Vulnerability management needs to be an ongoing process as new vulnerabilities (like Meltdown and Spectre) come out regularly, and assets, networks, and patches change regularly.
There is a downside to this vulnerability: the patches will reduce system performance anywhere from 5-30%. This may mean in some cases organizations will need to invest in newer, faster hardware to maintain the same levels of performance.
We have not yet seen any major data breaches or security incidents as a result of this vulnerability, but predict this will occur soon. Our team advises taking immediate corrective action.
If you need help fixing these issues and securing your network, we can help! Call Netrix today.