Skip to main content

Northwestern Monitoring Meltdown and Spectre Security Flaws

Posted Date: 4 Jan 2018

Modified Date: 5 Jan 2018

Effective Date: 4 Jan 2018

UPDATE

January 29, 2018: Northwestern IT has created a web page to provide you with information and quick links to manufacturer resources surrounding the Meltdown and Spectre vulnerabilities. Visit Meltdown and Spectre Resources

January 5,  2018: Northwestern IT is working with our IT vendors, University school and department IT partners, and our peer institutions as we continue to assess and monitor this rapidly evolving event. Presently, there are no reports of this vulnerability being exploited worldwide, and Northwestern IT is testing vendor patches as they become available.

We will continue working closely with our IT partners on the application of patches once they have been thoroughly tested. Application of patches is planned to begin early next week.  Updates regarding remediation events will be provided as more information becomes available.

******************************************************************************************************

Northwestern Information Technology (IT) is monitoring two major security flaws, named Meltdown and Spectre, which were made public this week. Both relate to a critical vulnerability in computer processor hardware.

This vulnerability affects all personal computers, mobile devices, and, potentially, data stored in the cloud. An attacker could access system memory, which contains information including passwords, usernames, private keys, and encrypted data.

Since learning of the vulnerability, Northwestern IT immediately began assessing the exposure of campus systems and has not detected any exploits.

End User Impact

The advice for remediation is the same for all users, system administrators, and those in managed environments: It is extremely important to apply the latest patches as soon as they are available. This includes operating systems, browsers, and applications, and manufacturer firmware.

At this time, patches are available for Windows and Linux servers, and for major browsers. Client/desktop updates to Windows, MacOS, and iOS devices have not yet been released.

Northwestern IT is currently reviewing network and enterprise computing infrastructure to determine the extent of the exposure and prioritizing the patching. Distributed Support Services customers will also be patched as updates become available.

Additional information, including details regarding patching of systems that may interrupt service delivery, will be distributed as it becomes available.

Back to top