There’s been a lot of coverage of the recently announced chipset vulnerability that’s been found in major suppliers of computer chips (e.g. Intel, AMD). The vulnerability, if exploited, could allow hackers to access areas of, otherwise normally, inaccessible memory which may be used for storing sensitive data, passwords, encryption keys, etc.
There’s been a lot of press coverage of the vulnerabilities over the last couple of weeks, so this post doesn’t serve to repeat what’s been said elsewhere, but to sign post, to Digital Compliance Hub subscribers, information about the vulnerability and what you should do about it.
If you’re interested in understanding details of the vulnerabilities then check out this posting from the Wordfence folk on their Defiant blog, read this post on the BBC News website or this information from the National Cyber Security Centre. And due to the sensitivities of the kinds of data that could be vulnerable, the Information Commissioner’s Office have also issued some useful guidance.
Whilst there doesn’t appear, as yet, to be any indication the vulnerabilities are being exploited, it could only be a matter of time, now that they are in the public domain. You should therefore make sure you understand how you can update all your software and systems by checking with your vendors about how to patch against the vulnerabilities. Here’s some links to information available from some of the big name vendors: