MENU
At the beginning of 2018, reports made the rounds about a long-known and quite serious security flaw in modern processors. We have covered the most important facts in our SecurityBlog, including an interview with Anders Fogh, whose research contributed to the discovery of the flaw. On this page we have gathered a few tips about how you can protect your system against attacks which use security flaws in the processor itself.
Install BIOS- / firmware updates which are supplied by the manufacturer to secure your device
Every appliance requires built-in software (also referred to as “firmware”) that allows it to function. Unlike an operating system, the firmware controls the internal workings of devices such as main boards or CPUs. It ensures that all commands issued by the operating system are carried out correctly by the hardware.
Attack scenarios sich as „Spectre“ and „Meltdown“ make use of a security flaw in the processor’s internal software. To remedy the flaw, it is required to apply the update from the manufacturer which specifically addresses it.
Every manufacturer offers firmware updates for download on his website. They usually have their own dedicated installation routines, which guide the user through the installation process. It is vitally important, however, the select the firmware which is designed specifically for your model of CPU.
Install a security solution which is compatible with the mitigation patch issued for securing Windows
One requirement for the installation of the mitigation update for Windows is the use of a security solution which is compatible with said update. If a non-compatible solution is used, the update will not be offered for download on those machines. In this case it might be worth considering to use a different security product, since an incompatible malware protection program represents a substantial security risk.
All G DATA solutions are compatible with the Update.
This is not true for every product you can find on the market. Systems with a security solution incompatible with the patches that address the Meltdown/Spectre attacks will not receive the update. Microsoft also point this out on a dedicated website.
Install the latest updates for Windows to secure your system
Updates fort he operating system should be installed as quickly as possible. This closes security holes and minimizes as system’s potential attack surface. For the most part, this happens automatically. In the case of Spectre&Meltdown those updates make sure that the processor’s security flaw cannot be exploited. This temporary remedy ensures that private data remains safe until a firmware update for the processor is available. The firmware update for the processor must still be applied, though, in order to achieve an acceptable level of security again.
Furthermore, Micorosoft explicitly states that deploying Windows updates is not enough to restore security. The aforementioned firmware update remains mandatory.
All those tips do not only apply to privately owned computers. Administrators of company networks must also take action to prevent security flaws from being exploited. Microsoft has provided a set of dedicated tips for this target group.