wikiProtection of PC from Meltdown and Spectre
The security vulnerabilies Meltdown and Spectre, that were published in January 2018, enable to read out private data from the working memory of a computer. Simply visiting a malicious website can be enough for its operator to read private data such as passwords.[1] In this article, we inform you how to secure your PC.
Webbrowser
Mozilla Firefox
Update your Firefox webbrowser on version 57.0.4:
-
Click on the menu icon in the top right corner, then on Help, and finally on About Firefox. -
Click on Restart Firefox to complete the update. -
Firefox is updated after restart.
More information:
- Mitigations landing for new class of timing attack (blog.mozilla.org, last updated on January 4th, 2018)
Google Chrome
Activate the Strict site isolation function and perform the following steps:
-
Enter the following URL in the address bar of your browser chrome://flags/#enable-site-per-process and click on Activate next to Strict site isolation. -
Click on RESTART NOW. -
The Strict site isolation function is now activated.
More information:
- Google’s Mitigations Against CPU Speculative Execution Attack Methods (support.google.com)
- Actions Required to Mitigate Speculative Side-Channel Attack Techniques (chromium.org)
- Increase security with site isolation (support.google.com)
- Site Isolation (chromium.org)
Microsoft Edge and Internet Explorer
If your PC fulfills certain prerequisites, the KB4056890 update is provided for Windows 10 and Windows server 2016 via Windows update function:
- January 3, 2018—KB4056890 (OS Build 14393.2007) (support.microsoft.com)
More information:
- Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer (blogs.windows.com)
Operating system
Please update your operating system regularly and keep attention to the information of the respective producer (Microsoft, Apple, Linux distributors). Further information on operating system updates, that are available, can be found in the following article: Safety instructions for Meltdown and Spectre.
References
- ↑ Speculative execution side-channel attack ("Spectre") (www.mozilla.org/en-US/security): Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself.
 |
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
