Previous Articles In This Series:

• Meltdown & Spectre Part I: What Are They?
• Meltdown & Spectre Part II: Impacts to Healthcare Organizations
• Meltdown & Spectre Part III: Checking and Updating Your Computer

In the last post in this series, we started the process of updating your computer against the Meltdown and Spectre vulnerabilities. We started by checking whether you are protected, then updating the Windows operating system. In this post we will go over updating the firmware (the low-level programming instructions that tell your PC’s hardware how to work) and key vulnerable software applications.

Step 2 Continued: Update Your System

Updating Firmware

Updating your PC’s firmware can be a little bit more complicated than updating the operating system, because the process varies depending on who manufactured your PC. Essentially, we are reaching out to Lenovo / HP / Dell / Asus / whomever to download and install the necessary updates from them. I’ll walk through the process using a HP laptop to give a general overview, but your process may vary.

1. First, we want to see if the manufacturer has already provided a firmware update program on your computer. Open the Start menu, and start by searching by the manufacturer name. Look for a program with “Support” or “Update” in the title. In my case, I search “HP” and find a program called HP Support Assistant. On another laptop in our office, a Dell, the program is called Dell Update. If you find a program that seems to fit the bill, open it.

Note: If you do not find an update program from the manufacturer already installed on your system, then you may need to go to the PC manufacturer support website to find the necessary updates.

1. Find the Support webpage for your PC manufacturer. In my case, that’s support.hp.com.
2. Search for your PC by model name or number. Better yet, take advantage of an “Identify” or “Detect” option if one is available.
3. If the “Identify My PC” option prompts you to download an application, do so, then go through the process to install and run the application. If during that process it also recommends installing the Support Assistant (or similarly-named) application, take advantage of that as well.
4. Once the Support Assistant program is installed on your computer, continue with the steps below.

2. In the Support Assistant, look for an option to run updates.
3. Follow any prompts to check for updates and install any that are found. Depending on the updates, this may involve a number of steps and even restarting your computer. Just keep following the prompts. (If your computer restarts, you may need to reopen the Support Assistant application again in order to finish the updates.)
4. Once any updates are installed, go back to wherever you saved the Inspectre application (likely your Downloads folder) and run it again.

Hopefully at this point Inspectre indicates you were successful!

If Inspectre indicates you are still vulnerable, then your PC manufacturer may not have an update for your PC yet. Check your manufacturer’s website for announcements about the Meltdown/Spectre vulnerabilities, which should include a detailed list of the models and product numbers for which they have developed updates. Keep checking back, as the list will grow over time.

Step 3: Checking and Updating Key Software Applications

In addition to updating your computer firmware and OS, you also need to make sure vulnerable software applications are up to date. The main applications to focus on are browsers, Adobe products like Reader and Flash, and Java.

1. Browsers: If you followed the recommendation earlier to allow Windows Update to also manage updates to other Microsoft products, then you are covered for Internet Explorer and Edge. Check your system for other browsers as well, such as Chrome, Firefox, and Opera, and make sure they are updated to the latest version.
2. Adobe Products: Check your computer for Adobe Reader (sometimes called Acrobat) and for Flash Player. If you have them, make sure they are up to date via the “Check for Updates” option in the Help menu or by downloading the latest versions from the Adobe site. Make sure to download these from Adobe.com only — not from a 3rd party site!
3. Java: The Java website provides a tool to check if you have Java installed and determine the version. (Click here to access the Java site.)

Conclusion

This may seem like a lot of work for something so invisible and hidden. But as I noted at the beginning of this series, Meltdown and Spectre represent completely new types of vulnerabilities — vulnerabilities deep in the foundations of how computers work. The steps outlined in the last two posts in this series are like repairing a crack in the foundation of your house. It isn’t pretty, and nobody can see it from the outside, but it saves you time and money in the long run. Nothing is stable on a cracked foundation.

I hope all of this information helps you protect yourself, your coworkers, and the patients or individuals you serve.

— — — — — — — — — —

Edit 3/12/2018: The previous version of this article referenced a “personal software inspector” named Secunia PSI which monitors whether your OS and applications are up-to-date. Flexera, the maker of Secunia PSI, just announced the product will no longer be available as of April 20, 2018. Other personal software inspectors are available, however we have no experience with them and cannot make any recommendations at this time.