IT Security Advisory: Meltdown and Spectre Awareness

Learn about these two security vulnerabilities, and what you can do to stay safe.

Many of you may have heard through various media sources about two major security vulnerabilities, Meltdown and Spectre. It has been revealed that nearly every central processing unit (CPU) manufactured in the last 20 years is affected by these vulnerabilities.Thus, this issue is believed to affect computers and devices worldwide.

Meltdown and Spectre could allow attackers to gain access to data stored on computers and mobile devices. However, no remote exploitation of this vulnerability has been reported: A remote exploitation works over a network and exploits the security vulnerability without having prior access to the vulnerable system.

As with all IT Security matters, McGill IT Services recognizes the seriousness of this threat and is taking steps to ensure the safety of the McGill community. We are presently assessing the impact of Meltdown and Spectre on McGill computers and applying fixes provided by McGill’s IT vendors.

In addition, we urge all members of the McGill community to ensure that their personal computers and mobile devices are protected against these, and other online threats, by following the guidelines included in this article.

To ensure optimal security for your computer or device against online threats, we recommend the following:

  1. Keep your operating system and software up to date by applying software updates, or “patches” as they become available. Most software vendors have already issued patches for Meltdown and Spectre – apply these as they become available to protect your computer against the most recently reported threats. More updates are forthcoming, so look out for prompts to update your software. Refer to the IT Knowledge Base article Keep your operating system and software up to date for more information.
  2. Reboot your computer when prompted, as soon as possible, following critical system updates: A reboot is often necessary in order for these to take effect.
  3. For additional support: We strongly recommend that users contact IT Customer Services (ICS) or their local LAN Administrator.

IT security awareness - additional resources

As part of our ongoing mandate, McGill IT Services strives to protect McGill’s resources and promote awareness of IT security throughout the community. In case of any security incidents please inform the IT Service Desk immediately.