Two steps you can do right now to help protect you from Spectre and Meltdown:
-
Verify if new Windows protections are enabled:
Microsoft’s update process for Windows has been complicated by compatibility issues with quite a few antivirus solutions, making it more difficult for admins to confirm whether their organizations’ machines are protected or not. To help check, Microsoft has provided a PowerShell script that system administrators can run to verify whether the security updates are in fact installed properly. Check it out on the Microsoft Support site HERE.
-
Install browser updates and turn on site isolation
According to vulnerability researchers, the most likely exploitations of Spectre are web-based attacks using JavaScript to leak information cached in the browser. Mozilla has already issued Firefox version 57.0.4, which includes mitigations for these attacks. As stated in the last post, Google has announced patches will be included in its next Chrome update scheduled for January 23. In the meantime, both Chrome and Firefox users are advised to turn on site isolation, which can help prevent a site from stealing data from another site.