Recent news has covered two vulnerabilities affecting major CPUs, known as Meltdown and Spectre. They can allow software running on the same physical machine, for example malware accidentally downloaded by a user, to access sensitive data in memory.
Affected systems include: all modern Intel processors, machines running Windows, Windows Server, macOS and Linux as well as 'virtualisation' platforms such as VMware and Hyper-V, and cloud platforms including Amazon Web Services (AWS) and Microsoft Azure. Other platforms and appliances using the affected processors, which may include network and storage systems, may also be at risk. The vulnerabilities are serious and, in the case of Spectre, difficult to patch or mitigate.
However, there are so far no reports of these vulnerabilities being actively exploited 'in the wild'. Meltdown requires code to be actively run (e.g. in a web browser) in order to be exploited. Servers are less susceptible than end-user workstations since they aren't usually actively surfing the net. Existing policies and security measures on client networks should already be protecting users and mitigating access to inappropriate downloads and materials, although users should always be vigilant when accessing the Internet.
IT vendors have started issuing advice and updates for their relevant software and systems, including Microsoft, Apple, VMware, Red Hat and other Linux distribution vendors. Cloud vendors such as AWS and Azure have also been updating their infrastructure platforms and virtualisation hypervisors. Some of these updates have themselves caused or identified other issues, which is making the situation more complex. For example, there are reports of performance slow-downs on certain systems, notably Linux servers (which power most of the Internet). Meanwhile, Microsoft's updates for Windows 10 have caused issues with many Anti-Virus software products. Anti-Virus vendors are having to ensure their software works with the latest Microsoft updates. In addition, whilst fixes for Meltdown are relatively straightforward, fixes for Spectre are more complicated and may not be immediately available.
What is BTA doing to help its IT Support clients?
The situation with Meltdown and Spectre is still very fluid: the implications of both, and of any 'fixes' released to combat them, are not yet fully understood, and the fixes are not yet proven reliable.
Above all, it is imperative that we help maintain systems that are as secure and reliable as possible for our clients. No IT system is 100% secure nor 100% reliable and we use our extensive experience and knowledge to balance the needs of security and safety versus availability and reliability.
At the time of writing, we are not recommending an immediate 'we must patch now' approach. We are currently:
a) Actively monitoring the situation and vendor advice
b) Actively identifying if any particular systems or clients are at higher risk than others (in short, we believe not)
c) Double-checking that the anti-virus solutions installed on all client managed systems are fully up-to-date and operational, and that other updates / patches are confirmed OK and not going to affect systems
d) For clients with Flexible IT Support contracts, liaising with client IT Managers and / or on-site IT staff to share information and discuss appropriate steps and schedules to mitigate the issues.
We intend to roll out OS patches to managed workstations and servers for clients with Managed IT Support (MITS) once the patches are confirmed good and the risk is minimised.
Based on findings and vendor advice, we may update some systems immediately and / or delay others to our normal regular patch schedules. If there is any advance or variation on our normal patch schedules, we will notify and / or discuss with the affected clients as necessary.
Beyond operating systems, we are planning timescales for rolling hypervisor updates for managed clients with multi-host VMware and Hyper-V clusters, to avoid host downtime. Our initial priority will be those running Remote Desktop servers, because those have end-user desktop access. Separately, we will be planning and agreeing outages with clients for standalone hypervisors, servers and other potentially affected devices that cannot be updated automatically / overnight.
Our current advice is: There is no need to panic. Carry on as normal. As always, remember to avoid unsafe web sites, email links and downloads. Users should report any suspicious or unexpected behaviour.
If you have any specific concerns or questions at this time, please contact your Account Manager or email firstname.lastname@example.org.