I had a nice little article planned for everyone about avoiding Black Friday/Cyber Monday shopping “deals”, but Intel just had to hog the spotlight this Thanksgiving. Based upon findings by security researchers several weeks ago, computer chip manufacturer Intel has released information on multiple vulnerabilities in the following CPU models:
- 6th, 7th, and 8th generation Intel® Core™ Processor Family
- Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel Atom® C3000 Processor Family
- Apollo Lake Intel Atom® Processor E3900 series
- Apollo Lake Intel® Pentium® Processors
- Intel® Celeron® N and J series Processors
Given that this represents a large chunk of what most computer manufacturers have been selling since 2015, it’s safe to say that millions of computers and devices are at some risk. HOWEVER there are (as of the moment) no known exploits in the wild seeking to take advantage of the published security flaws.
As of this writing, the major computer manufacturers have not yet released any firmware updates that will address these vulnerabilities. Dell has said that patches are coming but has not said when, and Lenovo has said that it is “hoping” to have “some” firmware updates by the 23rd. For now, the most that anyone can do is run a tool provided by Intel (Linux and Windows only at the mment) to determine if their system is vulnerable. It’s not clear whether Apple computers are affected – the current consensus is “maybe not,” but don’t take that to the bank just yet.
What this means for you:
Don’t panic. Enjoy your holiday (if you are taking one), and give us a ring on Monday to schedule a check of your equipment. Even though I’m sure there are some black hats out there right now frantically working on a way to exploit Intel’s colossal goof, the actual execution still requires a fairly specific set of conditions for the exploit to be possible. In the meantime, make sure your critical data is backed up, keep your operating system, antivirus and anti-malware software updated, avoid clicking suspicious links, don’t open strange attachments, and above all, stay vigilant.