Security Advisory – Processor Speculative Execution (Spectre and Meltdown)

Processor Speculative Execution Advisory (Last Updated 1/17/2018)

IP Pathways is monitoring the recently released class of security vulnerabilities generally referred to as Processor Speculative Execution.  The variants of these vulnerabilities are also referred to by the names of Meltdown and Spectre.  These hardware bugs have been present in processors from various manufactures produced in the past decade and allow for unauthorized reading of memory contents.  Such memory contents could contain passwords and other sensitive information.  These vulnerabilities are wide-spread and affect servers, personal computers, mobile devices, cloud servers, and other products to varying degrees.  While there are no known attacks that have occurred using this vulnerability, proof-of-concept and research disclosures have been released on the Internet this week.  Following are several links with more detailed information:

Hardware and software vendors have released or are releasing patches to protect against these vulnerabilities.  IP Pathways recommends that customers begin evaluating and patching their systems as soon as possible.  Both hardware (BIOS and other firmware) and software (hypervisor and operating system) patches should be applied.  The industry is reporting system performance impacts from the patches/mitigations, however the extent of any performance impact will vary based on the system and type of workload.  Following are several links with specific vendor guidance.  For guidance from other vendors please contact IP Pathways’ Support or the vendor directly.

·     Aruba: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
·     Apple: https://support.apple.com/en-us/HT208394
·     Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
·     Dell/EMC: https://www.dell.com/support/article/us/en/04/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en
·     Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
·     NetApp: https://security.netapp.com/advisory/ntap-20180104-0001/
·     Redhat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
·     Sophos: https://community.sophos.com/kb/en-us/128053
·     SuSE: https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities
·     Unitrends: https://www.unitrends.com/blog/meltdown-and-spectre
·     VMware: https://www.vmware.com/security/advisories/VMSA-2018-0002.html
https://kb.vmware.com/s/article/52345

IP Pathways is also evaluating and patching all IP Pathways data center and cloud services infrastructure and operating systems to protect against any attacks.  However, all colocation and non-IP Pathways managed data center/cloud servers and operating systems should be patched by customers as soon as possible.  IP Pathways’ Support is available for assistance and further information at 515-422-9300 (option #2) and support@ippathways.com.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *