by Doug Olenick
January 23, 2018
Intel’s recommendation posted earlier this week that those using processors possibly impacted by the Spectre/Meltdown vulnerabilities should hold off on downloading the current, flawed versions of its patch is placing millions of people in a precarious, but not necessarily dangerous, situation.
The self-imposed moratorium means millions of end users have no recourse right now when it comes to dealing with CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715 that take advantage of the speculative execution performance feature in modern CPUs make the memory of virtually all computers and devices accessible to hackers. Although many companies have issued their own patches, the industry is still waiting on a final fix from Intel.
“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” Navin Shenoy, executive vice president and general manager of Intel’s Data Center Group, said yesterday.
In the meantime there are some steps IT managers, and even end-users, can take to keep their systems safe until Intel releases a proper update.
“In times like these, customers should be extra vigilant to ensure they have not been compromised. Network traffic analytics should be used to monitor their environment for anomalous traffic patterns and unusual behaviors,” said Bob Noel, Plixer’s director of strategic relationships and marketing, to SC Media.
The other option for cybersecurity staffers is to simply keep up their normal level of vigilance while they wait.
“The basic advice is to continue to practice good security hygiene. You can’t control the silicon issues of Spectre/Meltdown, and given that Intel completely fumbled the patches, to put it mildly, you should ensure that all of your software — OS, applications, browsers and plugins, are all up-to-date. In addition, continue to practice “safe browsing” and don’t visit suspect sites, click on links that you are unfamiliar with, and simply be diligent about reporting anything that seems strange to your IT Support,” Mike Kail, CTO of CYBRIC told SC Media.
Noel brought up the salient fact that not heeding Intel’s recommendation and installing an unstable patch may not only lead to system problems, but could scare people off from updating their system in the future.