BITLOCKER & KB4056892

Windows-10-logoIf you are using bitlocker you should disable it so you can redo the security after the mess of the CPU cache problem. Windows 10 version 1709 with KB4056892 installed will fix the CPU cache problems called Meltdown and Spectre.

Once it is decrypted, then bitlocker can be turned on again with a new key. This way the machine is far less likely to have the key stolen by a CPU error.

Windows 10 is slowly implementing more sandboxing for applications to provide fore security and the recently CPU problems show that there is much more work to be done.

Bitlocker works best with a TPM chip on the machine. This way the keys are securely stored. If your machine does not have a TPM chip then a USB stick will be needed to boot the machine as the key cannot be stored otherwise.

TPM chips are still not widely available for desktop machines and many mobile machines also lack the hardware. This makes security a problem which is an industry problem that needs correction.

Unfortunately adding a TPM chip does add a few pesos to the cost of a system board but such logic probably can now be added to the system on a chip CPU designs which are typical today.