Richmond Home

Alert: Meltdown and Spectre Vulnerabilities

01/09/2018

On January 3, 2018, security researchers publically announced they were able to exploit vulnerabilities found in computers processors chip design.  The vulnerabilities were identified as Meltdown that impacts only Intel® processors and Spectre, which affects Intel®, AMD®, and ARM® processors.  The vulnerabilities take advantage of the way the chips process data and allows an attacker to gain access through side channels and to read data that would normally be secret.  Data such as passwords, encryption keys, credit card information, etc. may be exposed.  These vulnerabilities are a result of a hardware flaw in processors, however manufacturers are mitigating the vulnerabilities by releasing firmware and operating system patches.  

What we are doing: 

University of Richmond’s Information Services started patching systems Friday, January 5 as updates were made available by manufacturers. We are continuing to monitor news and manufacturer press releases on these vulnerabilities, and will apply new patches as they become available, as well as review other recommendations for mitigating these vulnerabilities.

What can you do?

It is highly recommended that individuals update their home computers as soon as possible by installing updates from the operating system’s website.  Also, a firmware update should be provided by the computer manufacturer and should be installed as well.  Updates have been released by Microsoft® and Apple®.  Please note that Microsoft has temporarily suspended releasing patches for devices using AMD® chipsets as they may render the operating system unusable.

Sources and Additional Information:

https://meltdownattack.com/

https://www.us-cert.gov/ncas/alerts/TA18-004A