|Update Chrome and Firefox Browsers||
Meltdown and Spectre vulnerabilities can also be exploited through 3rd parties browsers such as Chrome and Firefox, and these browsers have just recently announced their availabilities of updates to these vulnerabilities. So, users of these browsers are reminded to update their browsers as soon as possible. For more information, please visit their respective website.
|Apply Microsoft’s patches in Staff LAN today||
After a successful pilot testing on Microsoft’s patches for Meltdown and Spectre showing no significant impact to the computer performance, the patches are applied to all Staff LAN PCs today to fix the Meltdown and Spectre vulnerabilities. The KB numbers for patches applied to different Windows platforms are as follows:
KB4056892 2018-01 Cumulative Update for Windows 10/10x64
*The above fixes also apply to computers with AMD’s CPU.
|Solution from Microsoft||
Microsoft has announced that the patches to fix Meltdown and Spectre vulnerabilities are ready. These patches are tested in the CSC and will soon update to all domain-joined Staff LAN computers under different Windows platforms (Windows 7/Windows 8.1 and Windows 10). For non-CityU domain computers, users will have their update following the normal update schedule from Microsoft.
Performance Impact: From the experience of other users, a known performance issue of 5% to 30% speed degradation may occur after this Microsoft’s patches update.
Problem in AMD CPU: Microsoft has identified problem in updating these patches in computers running AMD CPU (blue screen error or frozen screen) and therefore the patches are not applied to computers with AMD CPU. While AMD is planning to release the firmware updates to fix this problem, the mentioned firmware update is still not available yet.
|Solutions from others||
For macOS and iOS, there are updates (iOS 11.2.2 and macOS 10.13.2) to defend the vulnerabilities. Users using MacBook, iPad, Iphone etc. are required to update to these or higher versions to protect devices.
For Android devices, only some brands have their fixes. It is advised to check with the webpage from different brands for the latest updates.
For Linux platforms, how to get the update depends on the Linux distribution, so please consult your system administrator on how to handle it.
|We are aware of reports regarding some hardware vulnerability issues. Security researchers uncovered 2 security issues, Meltdown and Spectre, last week. These issues apply to and affect all modern processors (CPU) in nearly all computing devices and operating systems. As a result of these vulnerabilities, passwords, encryption data and any other sensitive data may be leaked from computer/device memory intruded by exploiter/hacker. This is a critical and serious flaw that has necessitated this announcement. So far there is no known evidence either vulnerability was exploited, but users should be in high alert and avoid visiting unfamiliar websites referred by social media and unknown/suspicious email senders. Also, making backup of your data in your computers/devices is also recommended.|
|Meltdown||Microsoft has released the patches for Meltdown this week for your Windows desktops connected to the CityU domain, and the roll out will be automatic. Please install the patches when prompted and restart your computer afterwards for them to take effect. Apple has already released mitigations in MacOS 10.13.2. For other OS, please refer to the official support sites for patch information.|
|Spectre||Some Spectre patches have been made available for some OS platforms. More information is assumed to be available later.|