Sign In

Новини


Meltdown and Spectre



Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM. Almost every system is affected: desktops, laptops, tablets, servers, cloud servers, and smartphones from all vendors and running almost any operating system.

The flaws, named Meltdown and Spectre, were discovered by security researchers at Google's Project Zero in conjunction with academic and industry researchers from several countries.

CERT Bulgaria encourages users and administrators to refer to their OS, devices and applications vendors for the most recent information about updates, patches, and mitigation guidelines and apply them immediately.

After patching, performance may be diminished by up to 30 percent. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect if possible.

Device and platform manufacturers are releasing updates to supported products which will mitigate this issue.  Ensure that the latest patches have been installed, and that you are not using unsupported devices as these will not be fixed.

The following table contains links to patch information published in response to the vulnerabilities, published by the respective vendors .

Link to Vendor Patch Information

Date Added

Amazon

January 4, 2018

AMD

January 4, 2018

Android

January 4, 2018

ARM

January 4, 2018

CentOS

January 4, 2018

Chromium

January 4, 2018

Citrix

January 4, 2018

F5

January 4, 2018

Google

January 4, 2018

Huawei

January 4, 2018

IBM

January 4, 2018

Intel

January 4, 2018

Lenovo

January 4, 2018

Linux

January 4, 2018

Microsoft Azure

January 4, 2018

Microsoft Windows

January 4, 2018

NVIDIA

January 4, 2018

OpenSuSE

January 4, 2018

Red Hat

January 4, 2018

SuSE

January 4, 2018

Trend Micro

January 4, 2018

VMware

January 4, 2018

Xen

January 4, 2018

 

Please visit follow links for more information

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

https://googleprojectzero.blogspot.bg/2018/01/reading-privileged-memory-with-side.html

https://www.kb.cert.org/vuls/id/584653

https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance

https://spectreattack.com/

https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-worst-cpu-bugs-ever-found-affect-computers-intel-processors-security-flaw

01/05/2018

NEW VIRUSES RSS
VULNERABILITIES RSS