University at Buffalo - The State University of New York
Skip to Content

Patch software immediately to protect from ‘Meltdown’ and ‘Spectre’ vulnerabilities

Published January 4, 2018

Two major security flaws named Meltdown and Spectre affect nearly all personal computers and mobile devices, regardless of age. It is extremely important to apply the latest patches to operating systems, browsers, applications and manufacturer firmware as soon as they are available.

What is the risk?

The vulnerabilities allow an attacker to access the memory of a computer or mobile device, where passwords and other sensitive data are stored. The most significant risk is on shared devices.

The vulnerabilities relate to a critical flaw in computer processor hardware. Although Intel Corporation computer chips (CPUs) have been most commonly mentioned in the media, these vulnerabilities also affect systems with AMD and ARM chips, leaving virtually no device unaffected. They also potentially threaten data stored in cloud services. 

What is being done?

Since learning of these vulnerabilities, UBIT began assessing the exposure of campus systems. There is no evidence of anyone exploiting these vulnerabilities on central systems at this time.

The advice for remediation is the same for all customers: apply the latest updates as soon as they are available. These updates include those to all operating systems, browsers, applications, and manufacturer firmware.

What patches are available?

At this time, patches are available for Windows, Apple and Linux operating systems, and for major browsers.

Some patches are reported to result in computers running slowly. Additionally, there have been reports of some patches causing system crashes, including a conflict between Symantec and Microsoft causing Windows systems to experience the “blue screen of death” after being patched.

Therefore, it is important to test patches before deploying on a large scale.

Get help

If you experience problems relating to installing a patch or upgrade, contact the UBIT Help Center—submit a ticket online or call 716-645-3542.

UBIT is continuing to track this as situation as it develops, and will communicate any critical new information as it becomes available.