Your IT Support Experts - Homepage

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

(703) 359-9211

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

Macro Systems Blog

A Bug that Blurs the Lines Between CPU Modes

A Bug that Blurs the Lines Between CPU Modes

Just a few months after the firmware in their computer chips was revealed to be significantly flawed, Intel’s flagship product has yet again resulted in negative attention to the company. While the issue now has a fix, there was the possibility that a solution could reduce the functionality of the CPU.


In a blog run by a user known only as 'Python Sweetness', a post popped up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

To put it another way, there was a bug that messed with how other programs interacted with the CPU. A functioning CPU has two modes: kernel and user. User mode is the one that is usually considered ‘safe’ mode, while kernel mode allows access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This problem created a means for malware and other malicious programs to access a system’s hardware directly.

The bug was supposed to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would slow any of the computer’s functions down significantly. The initial expectation was that the computer could only be fixed with a hardware change. Luckily, a fix was constructed and released as a Windows update, costing only 2 percent of system performance (a much better outcome than it could have been).

For PCs with Windows 10 running and an antivirus that supports the patch, the fix should be in place. To confirm this, go to Settings > Update & Security to see if there are any updates waiting to be implemented. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported. The patch will not be installed until it sees that the antivirus has been updated to a version that the vendor verifies.

If you own an Android device, there was an update on January 5th that provided mitigations, with the promise of continued updates to add to these protections. Google-branded phones (including the Nexus and Pixel lines) should have already received the patches, and other Android phones may have too. This is something you need to check; if you haven’t received an update yet, call your carrier.

A Google Chrome update is expected on January 23rd, with other browsers following suit, that will also include mitigations. Until then, ask an IT resource to help you activate Site Isolation to help prevent a malicious website from accessing your data.

Other devices, such as NAS devices, smart appliances, networking equipment, media equipment, etc., may also be at risk since they are using similar hardware. It’s imperative for company owners to have their entire infrastructure reviewed and audited.

For the fix to actually happen, the update has to be installed. This is why it is worth having a managed service provider looking out for your organization. The MSP would be there, ear to the ground for news of updates, ready to jump into action when necessary. As a representative of you organization, you wouldn’t have to worry about dealing with any of it, which of course means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates
Macro Systems can be that MSP for you. Call us at 703-359-9211 for more information.

Building a Social Media Strategy for the Modern Bu...
Do Not Hesitate to Address the Elephant in the Ser...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, August 16, 2018

Captcha Image

Customer Login

Contact Us

Learn more about what Macro Systems can do for your business.

(703) 359-9211

Macro Systems
3867 Plaza Drive
Fairfax, Virginia 22030