As you have probably heard in the media, there are two recently discovered vulnerabilities, going by the names of Meltdown and Spectre, that affect most modern processors including Intel, AMD and ARM and affects Microsoft Windows as well as Android, Chrome, iOS and MacOS. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.
While this is not limited to and is not a Windows-specific issue, Microsoft released a Security Only Update on January 3, 2018 to address this vulnerability for Windows devices, however:
- There is a known compatibility issue with the Windows patch and some Antivirus solutions as detailed here. The Windows patch will test for and will not install if the compatibility issue has not been fixed by the antivirus vendor first.
- Frontline has standardized on Webroot Secure Anywhere Endpoint Protection security software for our managed clients and while the exact timing has not been announced, Webroot has confirmed that their next planned release, version 9.0.19.xx, will include an automated fix for the Microsoft Windows security patch compatibility issue.
- Frontline leverages the significant expertise, manpower and process of our patching toolset partner’s 24x7x365 Network Operations Center (NOC) to thoroughly vet and test all new Microsoft patches and security updates prior to deployment to our client’s devices. This testing process takes time but the NOC is expediting the testing process and we expect the security update to be available for deployment through our patch management system on or around Tuesday, January 9, 2018.
- As of this writing, there are no known exploits of these vulnerabilities and an exploit requires that the computer already be compromised and infected with malware first.
After considering the risk, the impact and the fact that there are no currently known exploits, our plan of actions is to address this security update via our standardized patching processes, allowing our vendor partners time to thoroughly test, vet and deploy the update via our standard monthly update procedure only after receiving the “all-clear” that we expect on or after Tuesday, January 9, 2018.
If you are concerned about your home computers, tablets and smart phones, our recommendation is to enable automatic updates and to install any high priority updates. You can read the official guidance from, Microsoft, Apple and Android for further details.