Meltdown and Spectre Security Updates

by

January 7, 2018

Meltdown and Spectre Security Updates: The new year begins with the announcement of two serious security vulnerabilities in processors made by Intel and others. Researchers from Google’s Project Zero discovered the vulnerabilities last year, and worked with Linux, Microsoft and VMWare to develop a fix. The first round of fixes are now available and we will be deploying the Microsoft Update to all managed Windows computers this month. Community IT clients with servers running VMWare will need to coordinate a maintenance window when this update can be applied manually. More details about these vulnerabilities are available at https://meltdownattack.com/.  Additional updates are likely and may require BIOS and Firmware updates.  The vulnerabilities also affects MacOS, iOS and Android.  Those devices will need to be patched as well once the manufacturers release an update.

Microsoft has confirmed the Windows update in a statement:

“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”

Intel: https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

Microsoft: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

VMware: https://www.vmware.com/security/advisories/VMSA-2018-0002.html

Apple: http://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw

 

Meltdown and Spectre Security Updates