Meltdown and Spectre – Where Are We?

Meltdown and Spectre – where are we?

We are currently in a very strange place for business IT. At the start of January we all heard about the Meltdown and Spectre vulnerabilities that affect most modern computer chips.

At this point we would normally be sharing advice on what to do to protect affected systems. The trouble is, the current cures could be worse than the sickness.

Chip makers and hardware manufacturers have rushed to respond to a fundamental flaw in their systems. You would expect them to do this. Sadly, they seem to have been precipitous in many cases. The ‘fixes’ are being installed by users and admins, only to find out they have a problem where none existed before.

Computers are rebooting, slowing down or acting strange in many other ways because of the updates. This is particularly galling because in each case it’s an attempt to fix an issue that wasn’t actually manifesting itself in any way.

Meltdown and Spectre are vulnerabilities which have been identified but were not known to have been exploited yet, which makes it hard for busy people who have not suffered any problems to take the situation particularly seriously.

But it is serious. These chips, which power everything from graphics cards, to cash machines, mobile phones and the laptop on your desk, are now at risk from a known fault. It has to be addressed with urgency, it’s just that the current resolutions are generally making things worse.

Deep Problem

That’s a sign of how deep the problem goes. Normally someone finds the flaw in the code and a fix is written. This is so fundamental to the chips that it’s really hard to mend it with new code, so the attempts that are being made are floundering.

What’s even worse is that Meltdown and Spectre are not the same thing. They are different problems needing different solutions.

And that leaves us where? In a place where caution is better than untested action.

Before we start applying patches in scattergun approach, we need to look at what can be patched, how critical it is to the business, how well proven the fix appears to be, whether other setting need to be changed to complement the patch, etc, etc.

The urgency will increase if exploits of these vulnerabilities start to appear ‘in the wild’. That’s something we have to keep a close eye on. The last thing our clients needs though, is to have us ‘fix’ something, which then works less well than it did before and impacts the business on a daily basis.

Some people may disagree with this approach. But we tend to believe that no fix is better than a bad one. We will keep you updated as this develops.

‘Spectre’ of a Full-Scale ‘Meltdown’ Rears its Head

NHS Technology is (Still) in Very Poor Health

Back to Insights

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Meltdown and Spectre – Where Are We?

Meltdown and Spectre – where are we?

Deep Problem

Uh Oh! You’re at Greater Risk of Malware than Ever Before

Be Careful When Scanning QR Codes – There’s a New Scam Going Around!

Be More Productive with these Microsoft Edge Features

5 Cybersecurity Predictions for 2024 You Should Plan For

Is This the Most Dangerous Phishing Scam Yet?

What is Microsoft Security Copilot? Should You Use it?

The Advantages of Contracting with an IT Company Over Break/Fix Arrangements

Cyber Attacks: Stronger, Faster and More Sophisticated

Online Security: Addressing the Dangers of Browser Extensions

The Little Things that make a Big Difference

Workspaces, a VPN and More – Learn the Newest Microsoft Edge Features

And the award for most common phishing scam goes to…

Examples of How a Data Breach can Cost Your Business for Years

Demystifying Data Encryption: Safeguarding Your Digital World

How Small Businesses Can Approach Workforce Technology Modernisation

Which Ransomware Payment Option is Best? (Hint: None)

Top Data Breaches of 2023: Numbers Hit an All-Time High

Bridging the Trust Gap Between Your Employees and AI

9 Tips for Setting Up AI Rules for Your Staff

Don’t Think Your Business is a Target? Think Again

Gamers Beware! Hackers are Targeting You

This New Search Feature in Edge is a Revolution

The Proactive Advantage: Fortifying Business Resilience through Monitoring

Here’s What’s in Store for the Last Ever Windows ‘Moments’ Update

How Can You Leverage the MS Teams Payment App

Microsoft Wants you to Pay for Updates

11 Ways to Responsibly Get Rid of eWaste at Your Home or Office

Are You Ready for Next-Gen Email Security? (YES!)

Beware of These 2024 Emerging Technology Threats

You’re Not Imagining it, Video Calls ARE Stressful