Vulnerability Issues affecting Every Personal Computing Devices

Update Chrome and Firefox Browsers

Meltdown and Spectre vulnerabilities can also be exploited through 3rd parties browsers such as Chrome and Firefox, and these browsers have just recently announced their availabilities of updates to these vulnerabilities. So, users of these browsers are reminded to update their browsers as soon as possible. For more information, please visit their respective website.

Apply Microsoft’s patches in Staff LAN today

After a successful pilot testing on Microsoft’s patches for Meltdown and Spectre showing no significant impact to the computer performance, the patches are applied to all Staff LAN PCs today to fix the Meltdown and Spectre vulnerabilities. The KB numbers for patches applied to different Windows platforms are as follows:

KB4056892      2018-01 Cumulative Update for Windows 10/10x64
KB4056898      2018-01 Security Only Quality Update for Windows 8.1/8.1x64
KB4056895      2018-01 Security Monthly Quality Rollup for Windows 8.1/8.1x64
KB4056897      2018-01 Security Only Quality Update for Windows 7/7x64
KB4056894      2018-01 Security Monthly Quality Rollup for Windows 7/7x64

*The above fixes also apply to computers with AMD’s CPU.

Solution from Microsoft

Microsoft has announced that the patches to fix Meltdown and Spectre vulnerabilities are ready. These patches are tested in the CSC and will soon update to all domain-joined Staff LAN computers under different Windows platforms (Windows 7/Windows 8.1 and Windows 10). For non-CityU domain computers, users will have their update following the normal update schedule from Microsoft.

Performance Impact: From the experience of other users, a known performance issue of 5% to 30% speed degradation may occur after this Microsoft’s patches update.

Problem in AMD CPU: Microsoft has identified problem in updating these patches in computers running AMD CPU (blue screen error or frozen screen) and therefore the patches are not applied to computers with AMD CPU. While AMD is planning to release the firmware updates to fix this problem, the mentioned firmware update is still not available yet.

Solutions from others

For macOS and iOS, there are updates (iOS 11.2.2 and macOS 10.13.2) to defend the vulnerabilities.  Users using MacBook, iPad, Iphone etc. are required to update to these or higher versions to protect devices.

For Android devices, only some brands have their fixes.  It is advised to check with the webpage from different brands for the latest updates.

For Linux platforms, how to get the update depends on the Linux distribution, so please consult your system administrator on how to handle it.

We are aware of reports regarding some hardware vulnerability issues. Security researchers uncovered 2 security issues, Meltdown and Spectre, last week. These issues apply to and affect all modern processors (CPU) in nearly all computing devices and operating systems.  As a result of these vulnerabilities, passwords, encryption data and any other sensitive data may be leaked from computer/device memory intruded by exploiter/hacker.  This is a critical and serious flaw that has necessitated this announcement.  So far there is no known evidence either vulnerability was exploited, but users should be in high alert and avoid visiting unfamiliar websites referred by social media and unknown/suspicious email senders.  Also, making backup of your data in your computers/devices is also recommended.
Meltdown Microsoft has released the patches for Meltdown this week for your Windows desktops connected to the CityU domain, and the roll out will be automatic.  Please install the patches when prompted and restart your computer afterwards for them to take effect.  Apple has already released mitigations in MacOS 10.13.2.  For other OS, please refer to the official support sites for patch information.
Spectre Some Spectre patches have been made available for some OS platforms.  More information is assumed to be available later.

Computer Courses for Staff in September and October 2018

The Computing Services Centre (CSC) is pleased to present herewith a list of computer training courses for the months of September and October.

Course Date Course Title Suggested Online Course
12 & 19 September 2018
Visual Design for PowerPoint Presentations PowerPoint: Using Photos and Video Effectively for Great Presentations
26 September & 03 October 2018
Microsoft Excel 2016 - Advanced Excel 2016: Advanced Formulas and Functions
10 October 2018 How to Practise Safe Computing Securing Microsoft Office Files
Securing Your Mobile Device
12 October 2018 Data Collection & Sharing Made Easy Using SharePoint SharePoint Online Essential Training
24 & 31 October 2018 Adobe Photoshop CS6 - Introduction Photoshop CS6 Essential Training

Should you be interested, please register through AIMS.  For details of the application procedures and admission guidelines, please visit the CSC Web. Alternatively, you may access similar online courses anytime and anywhere by logging into your CityU account.