Patch software immediately to protect from ‘Meltdown’ and ‘Spectre’ vulnerabilities

A group of students working together using laptops and mobile devices in Davis Hall.

Published January 4, 2018

Two major security flaws named Meltdown and Spectre affect nearly all personal computers and mobile devices, regardless of age. It is extremely important to apply the latest patches to operating systems, browsers, applications and manufacturer firmware as soon as they are available.

What is the risk?

The vulnerabilities allow an attacker to access the memory of a computer or mobile device, where passwords and other sensitive data are stored. The most significant risk is on shared devices.

The vulnerabilities relate to a critical flaw in computer processor hardware. Although Intel Corporation computer chips (CPUs) have been most commonly mentioned in the media, these vulnerabilities also affect systems with AMD and ARM chips, leaving virtually no device unaffected. They also potentially threaten data stored in cloud services. 

What is being done?

Since learning of these vulnerabilities, UBIT began assessing the exposure of campus systems. There is no evidence of anyone exploiting these vulnerabilities on central systems at this time.

The advice for remediation is the same for all customers: apply the latest updates as soon as they are available. These updates include those to all operating systems, browsers, applications, and manufacturer firmware.

What patches are available?

At this time, patches are available for Windows, Apple and Linux operating systems, and for some major browsers. Chrome patches will be available near the end of January. 

It was previously necessary to update Symantec Endpoint Protection before patching Windows, but this is no longer the case.

For the Spectre vulnerability, it is necessary to patch the system BIOS. Consult with IT staff for help with this.

As always, it is important to test patches before deploying on a large scale.

Get help

If you experience problems relating to installing a patch or upgrade, contact the UBIT Help Center—submit a ticket online or call 716-645-3542.

UBIT is continuing to track this as situation as it develops, and will communicate any critical new information as it becomes available.