On the 6th January, an industry-wide, hardware-based security vulnerability was disclosed by the Project Zero team at Google.
The vulnerability exists in almost all modern Intel and AMD CPU’s (virtually every laptop, desktop and server made in the last 15 years). Microsoft and Apple have both already issued patches to prevent attackers from exploiting the CPU via their operating systems however the issue is a hardware level one, and the only permanent fix will involve new hardware.
While this exploit has been patched, and there are no known breaches ‘in the wild’, The irreverent IT Journal, TheRegister reports that patches on Microsoft Windows causing up to 30% (typically 5-7%) decrease in maximum system performance. Microsoft state that 2015-era PC’s and earlier will, “notice a decrease in system performance“.
The security of our customers’ data is of our utmost importance, and we can confirm that our supply chain is patched against both the Spectre and Meltdown vulnerabilities and we have additional CPU resources available to scale to cover the performance difference.
How will this affect my business?
As long as you are running Windows 7 or later and have downloaded and installed the system updates, you’ll be fine. If you’re using an Oracle system, you’ll need to apply their updates (a round-up of 237 security fixes so far this month) to each of their products.
If you’re running CPU-intensive tasks, typically hosting on-premises databases then you may notice a slight drop in data operations during peak load times. Most commonly client-side report generation (e.g. Crystal Reports, SQL Server Reporting Services [SSRS] and Microsoft Office forms and reports) may notice take a little longer to render and display than before. We offer report writing services for most of the report writing tools and may be able to offset the performance loss with better-written and more efficient reports. If this interests you, contact us for a quote.