What do MSP’s need to know about the Spectre and Meltdown vulnerabilities in order to protect themselves and their customers?
It’s always best to start at the beginning, and in the case of Meltdown and Spectre, that could mean going back some 20 years as almost every processor manufactured during the past couple of decades seems to be impacted by these vulnerabilities. Both were actually discovered by a number of researchers, including those at the Google® Project Zero group, back in the summer of 2017. Working within the remit of responsible disclosure, the researchers combined resources with vendors, cloud providers, OS developers, and chip manufacturers to provide fixes, or relevant guidance where no fix was viable, within an agreed disclosure date of January 9th (Patch Tuesday). Unfortunately, the news leaked a week ahead of schedule and that’s when all hell broke loose. Some patches were brought forward, others remained in the shadows, and a speculation epidemic hit the national news headlines.