ITCS Blog

ITCS responds to publicity surrounding CPU Chipset Vulnerabilities

Wayne Harris, Compliance Officer & Cyber Security expert at ITCS discusses the impact of the much-publicised chipset vulnerabilities revealed on 3 January.

There has been a flurry of publicity surrounding vulnerabilities identified within the Intel chipset (processors), however this vulnerability also affects other mainstream manufacturers AMD and ARM.  Together, these manufacturers provide the vast majority of processors in use by modern computer manufacturers.

Who is at risk and what is the threat?

The two vulnerabilities which have been revealed, ‘Meltdown’ and ‘Spectre’ affect every modern computer containing one of these processors, i.e. the majority of PCs on the market.  The CPU chipset vulnerabilities are present in most of the processors produced in the last decade and in certain circumstances the vulnerability allows access to contents of protected memory areas by some applications such as javascript in web browsers.

That said, despite the hype, the threat is currently considered low on the Common Vulnerability Scoring System (CVSS).

What is being done to tackle the risk?

The underlying vulnerability is primarily caused by CPU architecture design choices, so fully removing the vulnerability will require the replacement of the CPU hardware.  The true long-term solution will be the replacement of the vulnerable chipsets entirely – but don’t expect a product recall any time soon.

While it may be technically accurate to say a completely redesigned chip is the ultimate solution, large-scale hardware replacements would possibly amount to a needless, over-the-top reaction.  It is unlikely that manufacturers will offer chip replacements – we expect them to instead provide a solution to fix any chipset vulnerabilities with a patch.

Microsoft, Apple and other Operating system vendors have all responded quickly and they have released (or are working on) solutions which will ‘patch’ these vulnerabilities.

Will I notice any difference when my PC is patched for chip vulnerabilities?

Unfortunately, at present there is a performance cost to this patch solution –  because the solution involves segregating the kernel into a completely different address space, it takes additional time to separate the memory addresses and switch between the two.  The impact on performance will vary – anything from a 5% to 30% reduction in processing speed can be expected.

How are ITCS responding?

At ITCS, we have been monitoring the vulnerability since the news broke.

We have already implemented a roll out of the Microsoft patch update throughout our contracted customers to address these vulnerabilities.  Users may have had to restart their computers to apply the changes, and we will monitor these installations to ensure our customers continue to be protected with up‑to‑date vulnerability patching.

How should our customers respond?

This vulnerability highlights the need and importance of regular vulnerability reviews, and the timely installation vendor patching to reduce the risks to businesses from cyber-attack.

For a review of your cyber security, please contact ITCS on 08456 444 200, or use the call back request to speak to one of our support team.

 

 

WebITCS responds to publicity surrounding CPU Chipset Vulnerabilities