Parata's COVID-19 Response

TCGRx – Spectre & Meltdown Microprocessor Vulnerabilities

Recently, new PC hardware (firmware) microprocessor vulnerabilities were identified known as “Spectre” and “Meltdown.” PC Computers supplied by TCGRx utilize Intel processors and are thus vulnerable to these exploits.

As a reminder, maintenance of operating system patches and anti-virus is the responsibility of the pharmacy. Please direct questions to your pharmacy Information Technology staff as desired.

Even though these vulnerabilities are hardware-based, they can only be exploited by software viruses, worms, and the like. Thus, TCGRx recommends the following steps to mitigate your pharmacy’s risk:

  • Microsoft has released patches to help protect against these exploits, so please ensure your PC’s operating systems are up to date with the latest Microsoft security patches.
  • Ensure the PC’s are up to late with the latest hardware (firmware) patches as described by Dell Computers. As of January 22, 2018, Dell retracted its firmware updates related to these vulnerabilities and was advising its customers to hold off updating firmware until other patches can be created, tested, and deployed. Hewlett-Packard pulled their firmware patches back around January 26, 2018. Please follow the conversation at the following links: Dell Support Article Related for Firmware Updates and HP Support Article for Related Firmware Updates
  • Ensure the systems utilize whatever anti-virus protections your pharmacy requires and the protection is up to date.
  • Ensure your network is hardened against outside attacks.
  • Ensure your web browsers are continually updated with the most current versions. Mozilla Firefox (the default browser within TCGRx PC’s), Microsoft Edge, and Google Chrome all have updates designed to assist with protecting against these vulnerabilities.
  • Ensure your pharmacists and technicians are educated to not visit suspicious web sites, to not click unknown links, and to not install software not authorized by your IT staff. Note: Web browsers are the most common portal through which an attacker can access a system, because it is via a browser that users can most easily visit suspicious destinations. Also, a web browser runs code (JavaScript, for example), to which intrusive code might be attached.
Other Stories You May Like