The technology world has been abuzz thus far in 2018 about two major security flaws which were recently discovered in almost every computer, smartphone, and web browser produced in the last years.
These vulnerabilities, referred to as “Spectre” (CVE-2017-5715 and CVE-2017-5753) and “Meltdown” (CVE-2017-5754), make it possible for a malicious script run by hackers to gain access to data such as passwords, encryption keys, and other sensitive data which is normally not accessible. The flaws have existed in computer chips which were manufactured as far back as 1995 and were discovered in 2017 by multiple security researchers.
These flaws have software publishers and hardware manufacturers working overtime to update their software for these security issues. I have implemented the fixes on a variety of computers, and the update process for your computers will likely require updates to your web browsers, your computer’s operating system, and possibly your hardware’s BIOS and other firmware.
While it is essential that you install these updates to protect the confidential information you have on your computer (including your usernames, passwords, and encryption keys), some sources also report that these patches will make changes that could slow your computer down by as much as 20% on some computers, and other sources report that the patches caused unexpected reboots on other computers.
The Spectre and Meltdown patches are plentiful and it will be some work for you and/or your IT professional to apply these updates. I have four Windows computers and two Linux computers which I use on a regular basis, and the update process has been very time consuming.
My Microsoft Surface Book was probably the easiest one to update, since Microsoft pushed out the firmware and operating system updates through Windows Update. My second laptop, a Dell Latitude E7270, required a BIOS update from the Dell website and I am in the process of updating a desktop computer and a server as I write this article.
About Brian Tankersley, CPA, CITP
Brian Tankersley CPA CITP is a technology consultant, educator, writer and serves as Director of Strategic Relationships for K2 Enterprises, where he works with vendors serving the industry to understand their existing and new offerings.