The saga surrounding the Spectre and Meltdown vulnerabilities continues. New potential variants have been discovered and should be yet another motivator to update and patch accordingly.
The fun with Spectre and Meltdown patching just keeps coming. Take a moment to review your environments and update your patching accordingly.
And the roller coaster ride continues. If you are an Apple products user, and more specifically, a MacOS user, this article is for you. It provides a nice roadmap of where patching has been and where it is going in terms of Meltdown, Spectre and general hardware issues. Enjoy!
Mr. Schneier has given us a concise, well-written and forward thinking perspective on Meltdown, Spectre and the potential future of hardware-based vulnerabilities. This article is certainly well worth a read.
This article is in line with other reports of vendors and Intel itself backing away from Spectre and Meltdown patching updates and tweaks.
Linus Torvalds and many others have come out in protest against the hasty and often flawed patching approach to the Meltdown and Spectre vulnerabilities. It is good to see Intel pumping the breaks on this process and taking a closer look at the architectural needs associated with the correction of this flaw.
Several (50+) patches were released by Microsoft yesterday as part of their patching cycle for January. Add to these out-of-band emergency patches designed to mitigate and/or resolve the vulnerabilities associated with Meltdown and Spectre, and sysadmins and security admins around the world are incredibly busy this week.
Complicating matters is the challenge of verifying your anti-virus and anti-malware software is compatible with Microsoft’s emergency patches, specifically in terms of the needed registry flags.
Take a moment and familiarize yourself with the updates from Microsoft, Adobe and others and patch accordingly once your testing is complete.
This is the problem many of us feared. This is the issue that is going to ring louder than the actual security implications of chip-set level vulnerabilities. When system performance is directly impacted, end users notice and respond. This type of issue is going to further deter proper patching and vulnerability management.
This is very good language to employ to make the C-level conversation about Meltdown and Spectre go a bit smoother in your organization and hopefully lead to support and funding to address the problem more successfully.
More information came to light yesterday evening and overnight concerning the reported flaws in Intel and other processors. I am including numerous links to multiple sources, but some of the key updates include:
- There are actually two architectural vulnerabilities in play – Meltdown and Spectre
- This is more than an Intel problem – AMD and ARM chips are also affected to various degrees
- Microsoft has released an emergency out-of-band patch overnight that begins to address some of the vulnerabilities
- There are still many unknowns as to the extent of impact that will come from patching and/or rearchitecting OS/chipset interactions