While Microsoft has long since the patched the Spectre and Meltdown vulnerabilities, Enterprises and businesses aren’t exactly clear on what they have to do ensure their devices are safe.
A study done by Barkly, a blog dedicated to security, has found that while 75% of enterprises have begun to patch their devices, only 4% of them are fully patched.
The reason for this lag isn’t due to any particular insouciance or laziness, rather there is a lack of information about what needs to be done.
To illustrate this, Microsoft has a PowerShell script which administrators can use to tell whether their PCs are all patched for Spectre or Meltdown, but only 41% of IT pros surveyed by Barkly even know it’s been run.
Microsoft also has a registry key that needs to exist before the patches are rolled out to the PCs when it comes to PCs with third-party anti-virus software installed, but not all software vendors are aware that this registry key needs to exist, or who needs to install it.
Barkly’s Johnathan Crowe writes “that 80 percent of respondents say the update process hasn’t been entirely clear, overall, and that lack of clarity is leaving many with questions and concerns. Two-thirds have expressed concern that this issue isn’t fully under control. ”
To be clear, Microsoft has released the patches, but there is a lack of knowledge by IT Pros on what to do. It’s not entirely clear if Microsoft can do anything from its end to mitigate this, but we expect that issues with meltdown and spectre will be resolved as more admins get a handle on the process.
You can read the full report here at Barkly’s blog.