CPU vulnerabilities - Meltdown and Spectre Information

In light of the recent CPU vulnerabilities - Meltdown and Spectre, PFH Technology Group would like to advise customers of the current status and available fixes for different systems.

It is believed that the vulnerability affects x86 (Intel and AMD chipsets), POWER 8, POWER 9, System z, and ARM processors, including iPhones/ipads, android phones/tablets this advisor email only covers the most common systems, please check with your hardware vendor for more information.

Microsoft

Microsoft have responded accordingly and have provided updates for relevant Microsoft solutions.

On Jan 3rd, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995. According to a Microsoft security advisories, these are the Windows security updates that address the Meltdown and Spectre flaws for various Windows distributions. Microsoft was not planning on releasing the updates until next week, on Patch Tuesday, but was forced to roll out fixes after Google went public with details about the two vulnerabilities.

• Guidance for Windows desktop users https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
• Guidance for Windows Server users https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
• Security advisory ADV180002  (contains KB numbers for update packages) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
• Update compatibility warning for users with third-party anti-virus software  https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

VMware

VMware have responded accordingly and has provided updates for relevant VMware solutions.

For your reference, please refer to the following blog for more information: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html

We would recommend that all the teams responsible for both VMware and Security within the organisation register with the following VMware site to get updates on security patches/updates for any VMware solutions: https://www.vmware.com/security/advisories.html”

Lenovo

https://support.lenovo.com/ie/en/solutions/len-18282

Apple

iOS and Mac

https://support.apple.com/en-us/HT208394

Android

Please check with you device manufacture.

Linux

Please check with your Linux distribution vendor for information

Redhat

Red Hat strongly suggests that users update all systems even if they do not believe their configuration poses a direct threat. Please see https://access.redhat.com/security/vulnerabilities/speculativeexecution

Citrix

https://support.citrix.com/article/CTX231399

Background Information

Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws

https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/

Contact your local support desk if any issues arise.