Understanding the Meltdown-Spectre Issue

What Microsoft has done-and what you can do-about this security flaw

Sreeraj Vasukuttan

What is this Meltdown-Spectre thing that everyone is talking about?
First of all, Meltdown-Spectre is not a close cousin to WannaCry—which was a malware attack. Meltdown-Spectre is instead a blind spot which might have caused worldwide malware incidents and more. To elaborate, Meltdown-Spectre can be understood simply as a couple of security flaws that went unnoticed by Intel, AMD, and ARM.

Patches and fixes
Along with the major operating system and IaaS vendors, Microsoft was able to respond to the situation quickly. On January 3, Microsoft issued a Windows 10 update, and then an update for Windows 7 and 8 on January 9. But there was a catch. One thing that was out of Microsoft’s control was the ability to update devices that run anti-virus apps that are incompatible with Windows Update. In these machines, the fixes caused stop errors-also known as blue screen errors. To avoid this, Microsoft only offered Windows security updates to compatible devices. Microsoft then worked closely with anti-virus software partners to ensure that all customers received the January Windows security updates as soon as possible.

Microsoft had previously recommended a processor microcode—or firmware update—in addition to the January 2018 security fix. Later, Intel announced that their microcode might cause some issues that include system reboots and “data loss or corruption.” Intel recommended not installing their microcode until they complete further testing. Microsoft responded, saying these events had led them to release their version of the security update that, in their testing, had been successful in preventing “branch target injection vulnerability,” also known as Spectre Variant 2. So, keep an eye out for further updates from Microsoft and the chipmakers-and our blogs as we publish more news.

Do these fixes currently come at the cost of a performance decrease?
Unfortunately, yes. Security experts were speculating performance decreases as a side effect of the OS fixes. In a later announcement, Terry Myerson, Executive Vice President, Windows and Devices Group at Microsoft confirmed this.

The lesson: Even though this is potentially the biggest security emergency of the year, the real-world impact of this was nothing compared to the cyberattacks we witnessed in last year. Perhaps, this is a sign that the experts are becoming more and more proactive and making the digital world more secure for all of us. We at Connection believe that we have an important role to play in that battle. This collective sense of purpose is the reason behind our unique positioning in the market as a security-focused global solutions provider. Check out a recent blog article by Bill Virtue, Security Engineer at Connection, to learn more about the Meltdown-Spectre issue.

Sreeraj Vasukuttan is a Technical Marketing Manager at Connection with a passion for technology and marketing. He enjoys writing about cloud, security, and end-user compute. In his free time, he loves watching films, cooking, and traveling with his family.