Submit Ticket Remote Access

Security Alert – Spectre and Meltdown

Update: 1/24/2018

Intel Firmware (Hardware) Update Delayed Due to Issues
Microsoft Software Patches Continue

Intel has released a statement asking vendors and customers NOT to update firmware with the first version of their firmware updates as these updates have been known to cause frequent reboot issues and system instability. We will monitor for new versions of the firmware updates and make recommendations when they have been tested and proven to have minimal impact on customers.

Additionally, Network People is methodically testing and rolling out the available Microsoft patches and we have seen very few issues so far.
We will continue to roll the Microsoft patches out in a controlled fashion.

Network People is reaching out to customers to discuss a more holistic and layered approach to security.
This is especially important while we wait for Intel and other vendors to provide fixes for these major security vulnerabilities.

 

 

 

Update: 1/18/2018

Spectre and Meltdown  Overview  

  • There are two new major security vulnerabilities that are affecting nearly every computer and smartphone worldwide
  • Existing antivirus and traditional security practices will NOT adequately protect you against these vulnerabilities
  • Unlike normal security issues, this issue involves a flaw in the hardware of devices and requires manual remediation
  • Hardware vendors are still working on finalizing solutions to these vulnerabilities and Network People is contacting each client individually to discuss our recommendations

 

Further Details

The names of the vulnerabilities are Spectre and Meltdown. These are hardware level vulnerabilities that affect the most popular CPU’s created within the last 20 years. It is expected that these vulnerabilities will be widely exploited and used to steal sensitive information such as passwords, social security numbers, and credit card numbers. The vulnerabilities are so bad that simply browsing the wrong website from a vulnerable computer or smartphone can cause your sensitive data to be stolen. Stolen credentials can lead to major data breaches affecting your entire company and your customers.

 

Network People Action Plan:

  1. Antivirus and traditional security practices will NOT adequately protect you against these vulnerabilities.
  2. Active-IT customers:
    • We have more comprehensive security solutions and we will be contacting each client individually to review our recommendations
  3. Active-IT Security and Active-IT Security Advanced customers:
    • You have other security measures already in place and included in your contract which will greatly increase your defense against the new vulnerabilities
    • Patching will still be required
  4. Both hardware and software patches need to be installed together to fully protect against the vulnerabilities. Most of the software patches are available but vendors are still working on hardware patches.
  5. Some systems will not be able to be patched because of performance or stability issues or because the systems are too old and no longer supported by the vendor. We will address such systems with customers on a case by case basis.
  6. Network People will begin rolling out the software patches, in stages, for all Windows and Mac computers that have the Red N
  7. Network People will contact each customer and recommend that they allow us to deploy the necessary hardware patches to complete the patching of the vulnerabilities on computers and other device
    • Due to the hardware nature of this vulnerability, the non-standard processes required may result in additional charges

 

For further information about Spectre and Meltdown vulnerabilities please visit this site: https://spectreattack.com/

 

 

MELTDOWN                             SPECTRE