William & Mary

Meltdown & Spectre Vulnerabilities

Summary

W&M IT is actively addressing the Meltdown & Spectre vulnerabilities. Find-out what you can do to protect yourself against them.

Full Description
MeltdownSpectreAs you may have seen in the news, there are new warnings about vulnerabilities in computer hardware.  They are referred to by the names Meltdown and Spectre.  They are hardware/architectural vulnerabilities in Intel, AMD, and ARM processors, which are installed in a large portion of modern computers and devices. 

The exposed flaw is essentially a data leak from the memory of a computer or device.  Attackers could potentially leverage this leak to steal passwords and sensitive data.  Fortunately, at this time, there are no known exploits of these vulnerabilities.

W&M IT is actively patching and monitoring all on-campus W&M systems against Meltdown and Spectre.  For our cloud services, we are contacting vendors to ensure the proper security measures are being put in place to protect our W&M cloud data.

What You Can Do

Here's what you should do to protect yourself against Meltdown and Spectre:

  • Update your operating system and software as soon as updates become available.  Some updates have already become available.  Others will come later this week.
  • Make sure you anti-virus product is active and updating.  Please note that the retired Sophos Anti-Virus that was available until recently for W&M computers is NO LONGER UPDATING!  That product will not be effective against these vulnerabilities and you will not be able to patch your operating system without the latest release from Sophos.  If you are using Sophos At Home (directly from Sophos) you will recieve the necessary updates.
  • LOG OUT when you are finished using a service that you had to sign-in to use.  When you sign-in to an online service, say email or your bank account, your login credentials are stored in your computer's memory.  When you log-out, they are removed from the memory.  If you simply close your browser, you credentials for that session continue to be stored in your computers memory, where they could potentially be leaked.
  • Check for firmware updates from your computer manufacturer.  Intel only plans to protect processors with versions less than five years old.

Additional Resources

 

Questions? Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Jones 201, Monday - Friday, 8:00 am - 5:00 pm