Update From CSP On Latest Intel Vulnerabilities

As we continue to monitor the IT security landscape, we wanted to make you aware of an emerging risk and ask for your help with an important action item.

Security experts have recently discovered two vulnerabilities in the processors (CPUs) used in thousands of devices.  These vulnerabilities, known as Spectre and Meltdown, could allow an attacker to obtain access to sensitive information.

Here is Intel’s official press release:  https://newsroom.intel.com/news-releases/intel-issues-updates-protect-syste…

At this point, there are no known cases of this vulnerability being exploited by hackers.  However, it is still prudent to update your systems accordingly.

In the short term, it appears operating system updates (patches) mitigate the underlying hardware vulnerability.  Some of these patches have already been published and CSP is testing them now.  We expect much more to come.
Important Action Item:  To make sure patches are pushed out to all PCs, please reiterate to your users to keep their machines powered on overnight.  CSP recommends leaving PCs turned on at least Monday and Wednesday evenings.  To receive patches, a machine must be turned on and connected to the internet.  If the user has a laptop, it is important to change the power settings so it will not go to sleep (instead, we recommend simply turning off the monitor).

This is still a fluid situation and we will keep you abreast of additional developments.  There are some reports of the patches causing performance degradation, but at this point, there is a consensus in the security community that the patches are the best response.  In the long-run, hardware upgrades could be required.

We will keep you updated on additional developments.  Thanks for your attention.

Your CSP Team