CPU Multiple Vulnerabilities (aka Meltdown and Spectre)

Multiple Vulnerabilities were identified in CPUs, a remote attacker can exploit these vulnerabilities to bypass security restriction and get sensitive information from the targeted system. They work on personal computers, mobile devices, and in the cloud.


Vulnerability Note VU#584653 refers to the following three variants:

  • Variant 1: bounds check bypass (CVE-2017-5753, Spectre)
  • Variant 2: branch target injection (CVE-2017-5715, also Spectre)
  • Variant 3: rogue data cache load (CVE-2017-5754, Meltdown)

Please note that:

  • Some patches may affect the performance of the system, so before installing the patches, please visit hardware and software vendor website for more detail information and get appropriate patches.
  • Patches will be provided by each vendor and might be applicable to some specific version only.

Vendor  Information to be noted Status Vendor Website
CPU Hardware
AMD Affected  Vendor Information
ARM Affected  Vendor Information
INTEL Affected  Vendor Information
Operating Systems and Software
Apple Patches Available(OS)
Patches Available(Safari)
 Vendor Information
Linux Kernel Patches Available(RHEL)
Patches Available(SUSE)
Microsoft Patches Available
Google  Android, Chrome browser, Chrome OS Patches Available
Mozilla  Firefox Patches Available
  • Make sure the database of anti-virus software is updated to be compatible with new Microsoft patches.
    (for example, for Windows 7/2008 https://support.microsoft.com/en-us/help/4056894/windows-7-update-kb4056894)
    “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.”
  • You can check if HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc is exist or not.
  • DO NOT manually add this key. It must be added by compatible Anti-Virus software.
  • For example, the follow command:
    reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc
    Should return “(Default) REG_DWORD 0x0” for compatible Anti-virus software.
Kaspersky Database released on 28 Dec 2017 or later Vendor Information
Firewall (need to consider Firewall protection and Firewall OS separately)
Palo Alto For PA Firewall Protection:

  • Make sure Application and Threat Content (Version 763) is installed.

For PA Firewall OS – PAN-OS/Panorama:

  • Palo Alto Networks Security Advisory (https://securityadvisories.paloaltonetworks.com/)
  • Information about Meltdown and Spectre findings (PAN-SA-2018-0001) “Palo Alto Networks is aware of recent vulnerability disclosures, known as Meltdown and Spectre, that affect modern CPU architectures. Preliminary findings conclude that these vulnerabilities pose no increased risk to Palo Alto Networks PAN-OS devices. (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754).”
    “There are no immediate plans to release a software update to PAN-OS in response to these issues at this time.”
Application and Threat Content (Version 763)
Fortinet For Fortinet Firewall Protection:

  • New IPS signature on 5 Jan to prevent CPU speculative execution was released. Enable IPS function and update latest Fortiguard signature.
  • The new signature is “CPU.Speculative.Executive.Timing.Information.Disclosure”

For Fortinet Firewall OS & other products:

  • FortiOS and some other Fortinet products are designed to not permit arbitrary code execution in the user space under regular conditions. The impacts to Fortinet products is still under investigation.
  • FortiGuard Advisory (https://fortiguard.com/psirt/FG-IR-18-002).
Fortiguard signature released on 5 Jan 2018
Microsoft Hyper-V
  • Please refer to Windows Server above.
  • VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution (with patch VMSA-2018-0002.1).
  • VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue (with patch VMSA-2018-0004).
Patches Available(VMSA-2018-0002.1)
Patches Available(VMSA-2018-0004)
Citrix Patches Available

Updated on: 11 Jan 2018