Vendors Pushing Out Emergency Fixes for Newly Disclosed CPU Exploits
All healthcare providers will want to make sure that these fixes are applied to all systems as soon as possible as the vulnerabilities will soon be disclosed and could start being used at any time by attackers to try and gain access to your systems and devices.
Microsoft considered this vulnerability so serious that they are issuing and out of band update to as the official fix. For Windows 10 this will be KB4056892.
“We're aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”
At this time Windows 7 and 8 users can manually download and install the update or they can wait until patch Tuesday to receive it automatically via Windows Update.
Researchers disclosed that almost all modern processors are affected by two exploits, called Meltdown and Spectre. These two exploits can be used by attackers to gain access to things such as passwords, emails and other sensitive information.
Patches are also available for other operating systems including Linux, MacOS and more. You should check with your vendor to find out how to get and apply the necessary updates to your systems.
Being in the healthcare field means your agency needs to pay attention to threats such as this and make sure that mitigation steps are taken in a timely fashion. Of course, your agency should always follow good security practices to protect against malware and these measures can often also help protect against new exploits until updates can be applied.