What You Need to Know About Spectre and Meltdown

It’s 2018, and the new year is already starting off with two new security risks: the recently disclosed processor vulnerabilities called Meltdown and Spectre. On Tuesday, January 2, security researchers published a significant finding: a flaw in nearly all modern microprocessor chips allows attackers to gain varying levels of access to protected kernel memory areas. The kernel is the core of a computer’s operating system, with complete control over everything on the system. Fixes for many operating systems are available in the form of a security patch.

How serious is this?
Meltdown is “probably one of the worst CPU bugs ever found” according to Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw. It is very serious in the short term and needs immediate attention. The underlying issue with Meltdown is that anything that runs as an application could potentially steal your data, including passwords and JavaScript from a web page viewed in a browser.

Spectre is more difficult for hackers to take advantage of but is also more difficult to fix, and is expected to be a bigger problem in the long term.

Who is affected?
These two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable, potentially allowing an attacker to read sensitive data stored in memory. Almost every computing system (desktops, laptops, smartphones, and cloud servers) is affected by the Spectre bug. Meltdown appears to be specific to Intel, impacting all Intel systems from laptops to servers.

National Cyber Security Centre Guidance:


US-CERT (United States Computer Emergency Readiness Team) has a helpful list of affected vendors and links to associated remediation steps:

Intel Firmware Update

Microsoft released an update for devices running Windows 10

Potential impact on processors in the IBM Power family (patches available January 9th)

Linux system administrators should examine the Linux Kernel Mailing List (LKML) website:

Red Hat system administrators should examine this website (which is updated routinely): [8]

SUSE system administrators should examine this website:

Users and administrators are urged to update their computers with the latest security fixes as soon as possible. We also encourage users to refer to their OS vendors for the most recent information. Because the vulnerability exists in the CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.
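On Linux, one way to confirm what the running kernel reports after patching is to read the per-issue status files that kernels carrying the fixes expose under `/sys/devices/system/cpu/vulnerabilities/`. The script below is an added example, not part of the original article; the function names and the optional directory argument are hypothetical, and the sample status files in the demo are constructed.

```shell
#!/bin/sh
# Added example: report what the running Linux kernel says about its
# Meltdown/Spectre mitigation state, one status file per issue.

# classify_status TEXT -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# DIR defaults to the live sysfs path; accepting another directory is an
# assumption of this example so the logic can be run on sample files.
# Prints "<issue>: <class> (<raw text>)" and returns 1 if any issue is
# vulnerable or cannot be determined.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            raw=$(cat "$dir/$issue")
            class=$(classify_status "$raw")
        else
            # No status file: the kernel predates this reporting interface,
            # so it cannot confirm any mitigation. Flag it for review.
            raw="no status file"
            class=unknown
        fi
        echo "$issue: $class ($raw)"
        case "$class" in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample: one mitigated issue, one vulnerable, one not reported.
demo_constructed() {
    d=$(mktemp -d)
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo 'Vulnerable: Minimal generic ASM retpoline' > "$d/spectre_v2"
    check_cpu_vulns "$d"; result=$?
    rm -rf "$d"
    return "$result"
}
```

Calling `check_cpu_vulns` with no argument reads the live system; a non-zero return after patching means at least one issue still needs attention, for example a firmware update from the hardware vendor.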

Champion is ready to help you evaluate your patching strategy and give you best practices around mitigating risk on this most current security issue. Learn more about our security capabilities at: https://www.championsg.com/services/security

