it.troy.edu logo
Search TROY IT


Search Helpdesk
Quick Links
Information for:
Jump to Main Content
Safe-Connect Logout
Safety Alert System Notice
  • About
    Offices & Hours Announcements Awards & Recognition IT Update (Newsletter) Insights IT Summit IT Employee Area
  • Services
    Classroom Technology Computer Labs Conference Rooms Cyber Security ERP Support (Colleague/Datatel)
    Document Imaging E-mail (Microsoft 365) Flex Classes Support Internet/Networking Software Support
    Technology Quotes Telecommunications Training Video Conferencing/Webinar Website Design & Management
  • Students
    Student IT Homepage 1098-T Consent/Information Canvas Canvas Student Resources Classroom Technology Computer Labs
    E-mail E-mail Password Reset Emergency Alert System Information
    (SOS)     Frequently Asked Questions Internet Access
    LiveText Student Security Student Software Technology Policies TROY IT Orientation
  • Employees
    Employees IT Homepage New Employee Enrollment
    Process (HR)     New Employee IT Checklist Find Your Employee
    (Colleague) ID Number     International Travel Requirements
    Cell Phone Request/Deduction Form Request E-mail Account Request Colleague Account Request Document Imaging Account
    Request VPN Account Reset Your E-mail Password Remote Productivity Tools
  • Policies
    Technology Policies Homepage Generative AI Copyright Information Data Governance Data Reporting
    E-mail Policy Family Education Rights &
    Privacy Act (FERPA)     Information Technology Usage Policy International Travel Requirements
    Security Policy Technology Standardization Guidelines Website Disclaimer World Wide Web Policy
    • IT logo
  • Security
    Security Homepage Account Access and Recovery Mandatory Security Training Emergency Information (SOS)
    Request Guest Network Access Phishing E-mail Messages Admin Systems Security Access
    Authorization Process
    Security Policy Screen Locking Standard Quarterly IT Security Award Winners
  • Projects
    Project Archives
  • Help
    Faculty/Staff Directory Search IT Offices/Hours Helpdesk Knowledgebase Helpdesk LogMeIn Rescue University Police Help Directory Cleaning Computers and Electronics for All Users
  • troy.edu
  • Open Search
Meltdown and Spectre Vulnerabilities
Security Menu
  • Home
  • Take Action
    • Report a Vulnerability
    • Report a Security Incident
    • Report a Stolen Item
    • Report a Phishing Message
    • Change Password
    • Report Abuse of Electronic Resources
  • Education & Guides
    • [External] E-mail Tagging
    • Recent phishing attempts received by University students and employees
    • Best Practices for Securing Your Desktop
    • Learn about copyright, DMCA and University Policies
    • Best Practices for Reducing Spam
    • Use Password Managers
    • OUCH! Security Awareness Newsletter
  • Password Management
  • Physical Security
  • Theft of Computer Equipment
  • Policies & Procedures
    • Account Access and Recovery
    • Alabama Breach Notification Act of 2018
    • Admin Systems Security Access Authorization Process
    • Copyright Information
    • E-mail Policy
    • Information Technology Usage Policy
    • International Travel Requirements
    • World Wide Web Policy
    • Technology Policies
    • Technology Standardization Guidelines
  • Additional Resources
    • Contact Information Technology
    • Contact University Police
    • Information Technology Website
    • Information Technology Policy
    • University Police
    • Emergency/SOS
  • Quarterly IT Security Award

Meltdown and Spectre Vulnerabilities

January 5, 2018

TROY Community:

Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre.  These issues apply to all modern processors and affect nearly all computing devices and operating systems.

No known exploits exist at this time.

Hypothetically, in order to exploit these vulnerabilities, one would need to install malicious applications or possess direct access to your devices. We recommend downloading software only from trusted sources and limit third-party access to your devices.

Many technology firms have begun to release patches to help defend against Meltdown.

In the coming days, we plan to release mitigations to help defend against Meltdown and Spectre. We will continue to develop and test further mitigations for these issues and will release them as quickly as possible.  TROY IT will handle all devices that we manage: do not attempt updates to office, classroom or lab technology.

TROY IT will send notices as needed via email, update the TROY IT web presence, and post to our Twitter account.

For personal devices, we suggest you review the manufacturers’ guidelines and employ common safeguards to limit opportunity for exposure.

It is important to mention that these security issues are not limited to traditional computing devices.  Portable devices, tablets, wearables, cellular phones, streaming devices, home automation, nearly all technology devices manufactured in the last twenty years are vulnerable.

The TROY IT web presence is http://it.troy.edu.  The TROY IT Twitter account is @TROYUIT.

More Information

What are Meltdown and Spectre?

Three critical vulnerabilities were recently identified by independent teams of security researchers. The three vulnerabilities, collectively dubbed Meltdown and Spectre, impact all Intel CPUs built in the last 15 or so years - which is quite a significant number of devices. These two vulnerabilities enable a malicious user land application to read the protected kernel memory of other processes (Meltdown) and applications (Spectre). This could include things like passwords, personal documents, and credit card data.

Who is affected by this?

Almost everyone. Meltdown exclusively impacts Intel processors. So, if you have an Intel CPU you’re impacted. Spectre on the other hand impacts Intel, AMD, and ARM processors. Combined, the list of vulnerable devices includes PCs, Macs, Android and iOS devices, baby monitors, your microwave (probably) - all of which run a vulnerable CPU.

How are they exploited?

Exploitation occurs through the execution of malicious untrusted applications. Proof of concept JavaScript code has been released for Linux. This means that all a victim has to do is visit the wrong website. Spectre is a more difficult vulnerability to exploit, and to this point no proof of concept code has been seen in the wild.

What do they do?

The vulnerabilities enable an attacker to defeat the barriers between the memory space of user-land (normal) processes and kernel process. This effectively enables a malicious application to read portions of kernel memory, which often contains data prior to being encrypted, processed, and sent to a socket.

How do I protect myself?

Update your software! Microsoft, Apple, Google, and other vendors have released patches to mitigate the risk Meltdown. If an update is available for your platform, install it. Intel has also announced that 90% of the CPUs released within the last 5 years will have a patch available by next week, which should mitigate the impact of Spectre.

Outside of software updates, use sound fundamental security principles when accessing the Internet. Avoid downloading and executing files from untrusted sources, and avoid visiting unknown sites.

Source: NOPSEC

Additional Resources

  • “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws (Ars Technica)
  • Amazon, Microsoft, and Google respond to Intel chip vulnerability (CNBC)
  • Intel Claims Security Flaw Also Impacts Non-Intel Chips, Exploits Can't Corrupt, Modify or Delete Data (MacRumors)
  • Processor Speculative Execution Research Disclosure (Amazon Web Services)
  • About speculative execution vulnerabilities in ARM-based and Intel CPUs (Apple, Inc)
  • Facts about The New Security Research Findings and Intel Products (Intel)
  • Lenovo Product Security Advisories
  • Reading Privileged Memory with a Side Channel (Lenovo)
  • Central Processor Unit (CPU) Architectural Design Flaws (IBM)
Troy University Horizontal Logo
  • Troy, Alabama 36082
  • 1-800-414-5756
  • Questions?
  • Submit Feedback
  • Student Complaints
  • Student Disability Services
  • Accessibility Statement
  • Privacy Statement
  • Read Our Disclaimer
  • Accreditation Statement
  • Sites and Services Index

© 2024 Troy University

Scroll to Top of Current Page