Recently two potential computer CPU vulnerabilities codenamed “Meltdown” and “Spectre” have been prominent in the news. To date, no security firm or organization has identified any computer attacks exploiting either of these - nonetheless, reports indicate the vulnerabilities themselves are widespread and must be addressed by operating system and chip manufacturers.
Current first-gen patches to reduce the level of vulnerability of Meltdown and to address the most accessible vulnerabilities revealed by Spectre have proven extremely problematic, the least of which issue is a significant reduction in processing power within devices (see https://www.wired.com/story/meltdown-spectre-patching-total-train-wreck/ for a better view on this). Patches that have been hastily provided have been inconsistent and in some cases even recalled by providers; currently there appears to be more harm from these remedies than from threats of possible attack using these exploits. As a result, we do not recommend installing security patches related to Meltdown or Spectre on NewTek products at this time.
As always, we continue to recommend users do not use NewTek products as general purpose computers by running any unknown or untrusted software on them. Putting in place relevant measures to ensure that untrusted code is not used on your system is by far the very best way to protest against these types of exploits. We also recommend network-based precautions to keep malicious code from encountering our products.
We will continue to monitor the efforts of Intel and Microsoft to mitigate the potential impact of Meltdown and Spectre, and will evaluate new options as they arise and provide recommendations at that time.
Please refer back to this NewTek knowledge base article; it will be updated as future information develops.
0 Comments