CPU vulnerabilities - Meltdown and Spectre Information
In light of the recent CPU vulnerabilities - Meltdown and Spectre, PFH Technology Group would like to advise customers of the current status and available fixes for different systems.
It is believed that the vulnerability affects x86 (Intel and AMD chipsets), POWER 8, POWER 9, System z, and ARM processors, including iPhones/ipads, android phones/tablets this advisor email only covers the most common systems, please check with your hardware vendor for more information.
Microsoft have responded accordingly and have provided updates for relevant Microsoft solutions.
On Jan 3rd, Microsoft issued out-of-band updates that address Meltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995. According to a Microsoft security advisories, these are the Windows security updates that address the Meltdown and Spectre flaws for various Windows distributions. Microsoft was not planning on releasing the updates until next week, on Patch Tuesday, but was forced to roll out fixes after Google went public with details about the two vulnerabilities.
- Guidance for Windows desktop users https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
- Guidance for Windows Server users https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
- Security advisory ADV180002 (contains KB numbers for update packages) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- Update compatibility warning for users with third-party anti-virus software https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
VMware have responded accordingly and has provided updates for relevant VMware solutions.
For your reference, please refer to the following blog for more information: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
We would recommend that all the teams responsible for both VMware and Security within the organisation register with the following VMware site to get updates on security patches/updates for any VMware solutions: https://www.vmware.com/security/advisories.html”
iOS and Mac
Please check with you device manufacture.
Please check with your Linux distribution vendor for information
Red Hat strongly suggests that users update all systems even if they do not believe their configuration poses a direct threat. Please see https://access.redhat.com/security/vulnerabilities/speculativeexecution
Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
Contact your local support desk if any issues arise.