Microsoft protects its Surface notebooks from Meltdown & Spectre Microsoft protects its Surface notebooks from Meltdown & Spectre
The vulnerabilities are dubbed "Meltdown" and "Sceptre", and experts have said they affect nearly all devices made in the last 20 years. Microsoft protects its Surface notebooks from Meltdown & Spectre

Two major security flaws in processor technology emerged last week, scaring the IT world and sending big companies like Intel, Microsoft, Google, and others, scrambling for a solution.

The vulnerabilities were dubbed “Meltdown” and “Spectre”, and experts have said Intel’s and ARM chips are the ones that are affected the most. More importantly, just about every device made in the last 20 years is vulnerable to attack as a result.

The Verge says Spectre and Meltdown “…allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel.”

The site goes on to say that “They also allow an attacker to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain key strokes, passwords, and other valuable information.” Information that could be used by hackers to compromise system security, and gain access to sensitive end-user information like passwords, online banking login details, and the like.

Patches are in the works from everyone, covering everything from updated motherboard firmware to operating system patches. As a first line of defense, companies like Mozilla, Google, Microsoft, and Apple are releasing patches for their browsers, while the deeper system-level patches roll out.

Microsoft is one of the first big companies to patch the vulnerabilities at a hardware level, but only for its Surface range of Windows 10-based notebook computers. A company spokesperson told The Verge that firmware updates for its Surface Pro 3, Pro 4, Book, Studio, Pro Model 1796, Surface Laptop, Pro with LTE Advanced, and Book 2 models are currently rolling out, but that they are not available to all users as yet.

All major IT vendors are currently working on their own firmware updates to address these vulnerabilities; expect these to roll out in the coming days.

[Source: The Verge]

No comments so far.

Be first to leave comment below.

Leave a Reply