Gibson Research Corporation released a wonderful test tool that will help you determine whether your workplace or home computer is properly secured against the Intel microprocessor vulnerabilities (Spectre & Meltdown) that I have been harping about for the last year. See related posts.
I encourage everyone to download the tool from their website and run it to see if your computer is vulnerable. If it is, your computers are not being patched shortly after Microsoft’s monthly release of its security updates. This month, Microsoft rushed the release of some of its updates given the severity of the current vulnerabilities, which have been fully disclosed to the public.
You may download the tool from https://www.grc.com/inspectre.htm. Make sure you see the green locked bar in your browser when you are downloading. Microsoft Internet Explorer users may receive a false warning about this site having malware. That is a misclassification largely relating to the IT security tools GRC has on its websites.
You may get a notice that says Meltdown is patched but your computer is still vulnerable to Spectre. If you get that message, scroll down to see if it says you at least have operating system protection. Ideally you will have protection applied both at the operating system level (Windows) and within your hardware’s firmware. Some hardware makers have yet to release firmware updates for motherboards to patch the flaw on the chip. Operating system protection provides some level of mitigation, but ideally your test results should look similar to the following results.
Ensuring that computers in your organization have all recently released security patches and firmware applied each month, following the “Patch Tuesday” release on the second Tuesday of the month, is probably the most important security challenge an organization faces today. If your workplace isn’t compliant, it is not a question of if, but of when you were or when you will become compromised. With the release of new security patches each month, details of the vulnerabilities being patched are disseminated publicly and broadly. This results in hackers and malicious operators building new hacker tools and malware designed to exploit the recently exposed vulnerabilities.
I think organizations today that are facing these challenges need to carefully consider their spending on training and software tools for their IT department. Network security within a company must have ongoing training and tools that are regularly updated and proven to help tackle the challenge of patch management and deployment. Having one person run around to every computer to check and patch them isn’t a scalable or reliable way to keep an organization safe. There are a number of tools out there that can make a big difference and help your IT department tackle this challenge. In another post, I will write about some of those tools.