CPU vulnerabilities - Meltdown and Spectre Information
In light of the recent CPU vulnerabilities - Meltdown and Spectre, PFH Technology Group would like to advise customers of the current status and available fixes for different systems.
It is believed that the vulnerability affects x86 (Intel and AMD chipsets), POWER 8, POWER 9, System z, and ARM processors, including iPhones/ipads, android phones/tablets this advisor email only covers the most common systems, please check with your hardware vendor for more information.
Microsoft
Microsoft have responded accordingly and have provided updates for relevant Microsoft solutions.
On Jan 3rd, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995. According to a Microsoft security advisories, these are the Windows security updates that address the Meltdown and Spectre flaws for various Windows distributions. Microsoft was not planning on releasing the updates until next week, on Patch Tuesday, but was forced to roll out fixes after Google went public with details about the two vulnerabilities.
- Guidance for Windows desktop users https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
- Guidance for Windows Server users https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
- Security advisory ADV180002 (contains KB numbers for update packages) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- Update compatibility warning for users with third-party anti-virus software https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
VMware
VMware have responded accordingly and has provided updates for relevant VMware solutions.
For your reference, please refer to the following blog for more information: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
We would recommend that all the teams responsible for both VMware and Security within the organisation register with the following VMware site to get updates on security patches/updates for any VMware solutions: https://www.vmware.com/security/advisories.html”
Lenovo
https://support.lenovo.com/ie/en/solutions/len-18282
Apple
iOS and Mac
https://support.apple.com/en-us/HT208394
Android
Please check with you device manufacture.
Linux
Please check with your Linux distribution vendor for information
Redhat
Red Hat strongly suggests that users update all systems even if they do not believe their configuration poses a direct threat. Please see https://access.redhat.com/security/vulnerabilities/speculativeexecution
Citrix
https://support.citrix.com/article/CTX231399
Background Information
Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
Contact your local support desk if any issues arise.