coe-staff: New hardware Vulnerabilities for Windows and Mac (1/8/18)

Jeff Woodbury jeffreyw at uoregon.edu
Mon Jan 8 11:55:59 PST 2018 

All,

Reports in the press are highlighting two critical hardware vulnerabilities called "Meltdown" and "Spectre" (see https://meltdownattack.com/ and  https://spectreattack.com/).

UO Information Services (IS) has provided some information about this risk and will most likely send a campus-wide email later today (https://service.uoregon.edu/TDClient/KB/ArticleDet?ID=45829). These vulnerabilities can affect almost any device regardless of the operating system (Windows, MacOS, iOS, Android, and Linux).

Users should check to see if there are any system or application updates available and attempt to apply them. Most of the initial patches and updates were released after January 3, 2018.

In essence, users simply need to check to see if their computers, tablets, and phones have the latest updates and patches.

As the response to these vulnerabilities, changes, COEIT will keep you updated.

Here are basic descriptions of both Meltdown and Spectre from  https://meltdownattack.com/ and  https://spectreattack.com/:

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

If  you have any questions about steps to protect your equipment from Meltdown and Spectre, please write us at coe-support at ithelp.uoregon.edu.

Jeffrey Woodbury
Director of Technology, College of Education
jeffreyw at uoregon.edu<mailto:jeffreyw at uoregon.edu>
541.346.1816

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists-prod.uoregon.edu/pipermail/coe-staff/attachments/20180108/20ae7a86/attachment.html>

More information about the coe-staff mailing list