Note: This post will be updated with links to detailed guidance as it becomes available.
A new type of vulnerability has been discovered in most modern processors found in desktops, laptops, servers, phones and tablets. They have optimizations that let them preload bits of data associated with data currently in use. While this speeds up the processing, security researchers discovered that this preloaded data can be accessed by malicious code.
What is the Risk?
Spectre and Meltdown are two methods of peeking at a processor's preloaded data. In short, if an attacker is able to run code on a device, they can use these exploits to read data they wouldn't ordinarily be able to see, including passwords or security certificates.
What is Harvard Doing?
Harvard Information Security is reviewing the security implications of this vulnerability and will work with our IT support and vendors to address the risks. Support services across Harvard will install security updates for Harvard-managed systems through system management software, such as Landesk and Casper.
What Can I Do?
If you have a Harvard-managed computer, apply the updates as they become available. For computers, phones and tablets you manage yourself, make sure you enable automatic updates. This way, you'll get the latest patches as soon as they become available.
Note: If you use third-party antivirus software on Windows, make sure to keep that up to date as well. Out-of-date anti-virus could interfere with patching.
Official announcement: https://meltdownattack.com/
Harvard IT Help knowledge base article: https://harvard.service-now.com/ithelp?id=kb_article&sys_id=b9d24160db6f4b0ca752f1a51d961903
Detailed guidance for IT professionals: https://security.harvard.edu/blog/spectre-and-meltdown-vulnerabilities-it-professionals