Apple offers another Meltdown fix for Mac users…

And the roller coaster ride continues.  If you are an Apple products user, and more specifically, a MacOS user, this article is for you.  It provides a nice roadmap of where patching has been and where it is going in terms of Meltdown, Spectre and general hardware issues.  Enjoy!

https://nakedsecurity.sophos.com/2018/01/25/apple-offers-another-meltdown-fix-for-mac-users/

Intel Says to Stop Applying Problematic Spectre, Meltdown Patch

Linus Torvalds and many others have come out in protest against the hasty and often flawed patching approach to the Meltdown and Spectre vulnerabilities.  It is good to see Intel pumping the breaks on this process and taking a closer look at the architectural needs associated with the correction of this flaw.

https://www.darkreading.com/vulnerabilities—threats/intel-says-to-stop-applying-problematic-spectre-meltdown-patch-/d/d-id/1330871

Emergency Patches, Patch Tuesday and the Great Anti-Virus Compatibility Challenge

Several (50+) patches were released by Microsoft yesterday as part of their patching cycle for January.  Add to these out-of-band emergency patches designed to mitigate and/or resolve the vulnerabilities associated with Meltdown and Spectre, and sysadmins and security admins around the world are incredibly busy this week.

Complicating matters is the challenge of verifying your anti-virus and anti-malware software is compatible with Microsoft’s emergency patches, specifically in terms of the needed registry flags.

Take a moment and familiarize yourself with the updates from Microsoft, Adobe and others and patch accordingly once your testing is complete.

https://threatpost.com/microsoft-january-patch-tuesday-update-fixes-16-critical-bugs/129378/

https://www.infosecurity-magazine.com/news/patch-tuesday-more-work-for-admins/

https://threatpost.com/anti-virus-updates-required-ahead-of-microsofts-meltdown-spectre-patches/129371/

 

Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches

This is the problem many of us feared.  This is the issue that is going to ring louder than the actual security implications of chip-set level vulnerabilities.  When system performance is directly impacted, end users notice and respond.  This type of issue is going to further deter proper patching and vulnerability management.

https://www.darkreading.com/endpoint/microsoft-confirms-windows-performance-hits-with-meltdown-spectre-patches/d/d-id/1330778

CPU Vulnerabilities – New Articles and Updates

More information came to light yesterday evening and overnight concerning the reported flaws in Intel and other processors.  I am including numerous links to multiple sources, but some of the key updates include:

  • There are actually two architectural vulnerabilities in play – Meltdown and Spectre
  • This is more than an Intel problem – AMD and ARM chips are also affected to various degrees
  • Microsoft has released an emergency out-of-band patch overnight that begins to address some of the vulnerabilities
  • There are still many unknowns as to the extent of impact that will come from patching and/or rearchitecting OS/chipset interactions

https://www.infosecurity-magazine.com/news/major-chip-flaws-confirmed/

https://www.darkreading.com/endpoint/critical-microprocessor-flaws-affect-nearly-every-machine/d/d-id/1330745

https://www.infosecurity-magazine.com/news/intel-flaw-performance-degradation/

https://threatpost.com/intel-in-security-hot-seat-over-serious-cpu-design-flaw/129289/

https://www.schneier.com/blog/archives/2018/01/spectre_and_mel.html