Information Technology Services Centre - CPU Multiple Vulnerabilities (aka Meltdown and Spectre)
  • Submit
  • CPU Multiple Vulnerabilities (aka Meltdown and Spectre)

    Multiple Vulnerabilities were identified in CPUs, a remote attacker can exploit these vulnerabilities to bypass security restriction and get sensitive information from the targeted system. They work on personal computers, mobile devices, and in the cloud.

     

    Vulnerability

    Vulnerability Note VU#584653 refers to the following three variants:

    • Variant 1: bounds check bypass (CVE-2017-5753, Spectre)
    • Variant 2: branch target injection (CVE-2017-5715, also Spectre)
    • Variant 3: rogue data cache load (CVE-2017-5754, Meltdown)

     

    Available Patches

    Please note that:

    • Some patches may affect the performance of the system, so before installing the patches, please visit hardware and software vendor website for more detail information and get appropriate patches.
    • Patches will be provided by each vendor and might be applicable to some specific version only.
    Vendor  Information to be noted Status Vendor Website
    CPU Hardware   
    AMD Affected  Vendor Information
    ARM Affected  Vendor Information
    INTEL Affected  Vendor Information
    Operating Systems and Software   
    Apple Patches Available (OS)
    Patches Available (Safari)
     Vendor Information
    Linux Kernel Patches Available (RHEL)
    Patches Available (SUSE)
    Microsoft Patches Available
    Google  Android, Chrome browser, Chrome OS Patches Available
    Mozilla  Firefox Patches Available
    Anti-Virus
    • Make sure the database of anti-virus software is updated to be compatible with new Microsoft patches.
      (for example, for Windows 7/2008 https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894)
      “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.”
    • You can check if HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc is exist or not.
    • DO NOT manually add this key. It must be added by compatible Anti-Virus software.
    • For example, the follow command:
      reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc
      Should return “(Default) REG_DWORD 0x0” for compatible Anti-virus software.
    Kaspersky Database released on 28 Dec 2017 or later Vendor Information
    Firewall (need to consider Firewall protection and Firewall OS separately)
    Palo Alto For PA Firewall Protection:
    • Make sure Application and Threat Content (Version 763) is installed.
    For PA Firewall OS - PAN-OS/Panorama:
    • Palo Alto Networks Security Advisory (https://securityadvisories.paloaltonetworks.com/)
    • Information about Meltdown and Spectre findings (PAN-SA-2018-0001) "Palo Alto Networks is aware of recent vulnerability disclosures, known as Meltdown and Spectre, that affect modern CPU architectures. Preliminary findings conclude that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754)."
      "There are no immediate plans to release a software update to PAN-OS in response to these issues at this time."
    Application and Threat Content (Version 763)  
    Fortinet For Fortinet Firewall Protection:
    • New IPS signature on 5 Jan to prevent CPU speculative execution was released. Enable IPS function and update latest Fortiguard signature.
    • The new signature is "CPU.Speculative.Executive.Timing.Information.Disclosure"
    For Fortinet Firewall OS & other products:
    • FortiOS and some other Fortinet products are designed to not permit arbitrary code execution in the user space under regular conditions. The impacts to Fortinet products is still under investigation.
    • FortiGuard Advisory (https://fortiguard.com/psirt/FG-IR-18-002).
    Fortiguard signature released on 5 Jan 2018  
    Hypervisor   
    Microsoft Hyper-V
    • Please refer to Windows Server above.
    VMware
    • VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution (with patch VMSA-2018-0002.1).
    • VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue (with patch VMSA-2018-0004).
    Patches Available (VMSA-2018-0002.1)
    Patches Available (VMSA-2018-0004)
    Citrix Patches Available

     

     

    Reference:

      

     

    Updated on: 11 Jan 2018