IT Security Alert: "Meltdown" and "Spectre" Vulnerabilities

01/05/18

Contributed by Jason Youngers

IT is working to deploy security updates to IT-managed systems. Restarts will be required. Please ensure that your personally owned computers, phones, and tablets are up-to-date.

Many of you may have heard the recent news about two new security vulnerabilities referred to as “Meltdown” and “Spectre.” These are unusually serious vulnerabilities that affect virtually all computer systems, including servers, workstations, laptops, phones, and tablets, regardless of operating system. Microsoft, Apple, RedHat, Dell, Google, and other software and hardware suppliers have begun to release security updates (patches) that mitigate portions of the risk associated with these vulnerabilities.

Meltdown and Spectre allow user software, such as web browsers and productivity tools access to memory assigned to other software including the system kernel, and could lead to the compromise of data, passwords, and encryption keys. Proof-of-concept exploits of these vulnerabilities have been reported, but we have not yet seen reports of them being used in actual attacks.

IT is working to ensure that we deploy available patches as soon as possible.  While we will work to minimize any associated disruption, some system restarts will be needed as patches are applied, and we will do our best to communicate with the campus community ahead of service outages, but significant advance notice may not always be possible.

0 Comments



https://www.ithaca.edu/intercom/article.php/20180105172738810