Image: Thomas Samson AFP/Getty Images

On Monday, Microsoft and Intel disclosed a newly discovered variant of the Spectre and Meltdown security flaws, uncovered another vulnerability used in hundreds of millions of computers and mobile devices.

Intel is calling the new strain “Variant 4.” This latest variant taps into many of the same vulnerabilities that were revealed in January but uses a different method to extract sensitive information, per Intel.

Spectre and Meltdown have been continually haunting companies like Intel, ARM, and AMD, which produced flaws chips for everything from computers and laptops to mobile devices. The vulnerabilities, which potentially allow cyber-criminals to access and read sensitive information on your CPU, affected hundreds of million chips manufactured over the last two decades.

Hackers often scour online for vulnerabilities that’ll allow them to carry out attacks. The WannaCary ransomware attack, for example, took advantage of Windows computer whose owners never implemented a critical Microsoft patch.

From CNET:

… even after Intel and other companies fixed the first strain, researchers expected new variations of the original vulnerability to pop up. In January, Arm CEO Simon Segars predicted that a flaw like Spectre would most likely happen again. Monday’s advisory is the latest example of companies facing the ongoing security issue.

Intel is classifying Variant 4 as a medium risk because many of the exploits it uses in web browsers were fixed in the original set of patches, according to a blog post from the company. The newly found variant uses something called “Speculative Store Bypass,” which could allow your processor to load sensitive data to potentially insecure spaces.

According to the US-CERT’s advisory, officials indicated the new flaw would allow attackers to read older memory values on your CPU.

Intel has said that they haven’t seen this vulnerability used by hackers and that it’s released a complete fix for the flaws over the coming weeks. Intel’s EVP of security, Leslie Culberston, said in a post that Intel has already made the patch available for manufacturers and software vendors.

Source: CNET

Protect Your Business From This Flaw

This flaw could potentially allow attackers to access sensitive/confidential information stored in your CPU by way of remote attacks. Preventing this flaw from being exploited is straightforward: make sure that you’re up to date! Contact your IT provider today to make sure that they’ve deployed the appropriate mitigation for this critical vulnerability.

How to protect your personal computer:

How to Enable Windows 10 Automatic Updates

Enabling Automatic Updates is the easiest and one of the most powerful ways to protect yourself from attacks like this!

  1. Click the Start Button and type “Windows Update Settings” then click Windows Update Settings
  2. Once in Windows Update Settings select “Advanced Options”.
  3. Ensure that Automatic is selected in the drop-down. You can now close the settings window.
  4. Your Windows 10 will now update automatically.

 

Need better IT? Stellar IT ensures with 100% certainty that these critical updates are installed. We push out critical updates in an automated fashion, and then check to make sure they’re installed. This is in addition to delivering your complete IT solution!

Share This