So, 2018 has really kicked off with a bang! If you use a computer, tablet, phone, etc. (hint, if you think you’re not then how are you reading this page 😉 )… then you really need to be aware of one of the latest vulnerabilities … and, I would argue, one of the most significant the IT industry has faced to date!
What is Meltdown/Spectre?
For a rather interesting variety of reasons, I’m actually not going to cover the detail of what these vulnerabilities are, what they affect, or how they work. These have been well documented in many different locations, and you only need to Google™ the two names to find out more (or, you could use one of the reference links below!).
What should I do?
A purely personal perspective … would be to:
- Patch in a non-production environment
- Test again
- Then, carefully promote to production, having taken into account a risk-based approach
That patching is required is well documented, and clear. What is also clear is that there is an evolving set of patches from many different vendors. Before applying any patches, understand what is needed, understand what they do, and verify that you have the latest information available. And please … test!
Did someone say “performance”?
There is a lot of ahem “speculation” about whether implementing the various mitigation patches will affect the performance of a system/device. Without offering an opinion either way, I did find the following article from Olaf Kirch, Distinguished Engineer and VP of Engineering at SUSE, very interesting. In this article, he explains why it is so difficult to predict the performance impact of these mitigations and why the only real answer is to do your own benchmarks.