SPECTRE AND MELTDOWN VULNERABILITIES
ITS will continue to review the developing threat and work with our vendors and IT support staff to address the risks.
What happened?
A vulnerability has been discovered in most modern processors found in desktops, laptops, servers, phones and tablets. They have optimizations that let them preload bits of data associated with data currently in use. While this speeds up the processing, security researchers discovered that this preloaded data can be accessed by malicious code.
What is the Risk?
Spectre and Meltdown are two methods of peeking at a processor's preloaded data. In short, if an attacker is able to run code on a device, they can use these exploits to read data they wouldn't ordinarily be able to see, including passwords or security certificates.
What is Smith Doing?
The risks and response options related to these vulnerabilities is evolving constantly. This overview describes in part what ITS is doing in response to these risks.
Client systems: we are monitoring for patches to major computer and client systems: Windows, Mac, iOS, Android; and reviewing and testing for potential incompatibilities with common or Smith supported applications and supported services.Smith Data Center / Central IT: as security updates are released by vendors and 3rd party support providers that pertain to Smith’s central servers and core infrastructure, they are tested and applied on a rolling basis to ensure that we maintain both service availability as well as system security. These are standard procedures in place for security updates and identified vulnerability response processes.
Smith network: similar to the process for data center systems, appropriate network related updates will be reviewed and applied.
Additional security controls: there is a continuing effort by both product vendors and the information security community to provide ways to identify and block active exploits from achieving their goals. As these monitoring and blocking resources become available, they will be implemented by ITS staff to help reduce the risks associated with these vulnerabilities to Smith IT services and the Smith community.
What can You Do?
Apply updates as they become available on your devices. Operating system and software updates are being developed and released to address these issues. Do not put them off, install the latest updates and patches as soon as possible.
*If you use third-party antivirus software on Windows, make sure to keep that up to date as well. Out-of-date antiviurs software could interfere with Windows patches.
Learn More
Spectre and Meltdown website
For additional information, please contact infosecurity@smith.edu