Device and platform manufacturers are releasing updates to supported products which will mitigate this issue.  Ensure that the latest patches have been installed, and that you are not using unsupported devices as these will not be fixed.

The following section summarises responses from the major suppliers that we aware of.

Cloud services

The major cloud service providers are installing fixes on their own platforms. However, in a virtualised environment, fixes are required for both the hypervisor and guest virtual machines. Therefore, when using Infrastructure as a Service (IaaS), you will need to update the operating systems of any virtual machines and container base images that you manage. For Platform as a Service (PaaS) and Software as a Service (SaaS), your provider should install these patches for you. If in doubt, check that your service provider:

is aware of the issue and installing fixes

is providing advice for dealing with the issue

Data centres/servers

Operating systems and hypervisors need patches, as does the firmware of the physical machines you are running. The major equipment manufacturers (OEMs) are producing patches; you should obtain these directly from the OEM. Patches for Linux are also being produced and will be included by the most common distributions. These should be installed as soon as they are available.

End user devices

The major operating system vendors have produced patches which mitigate the issues, though some parts of the patches need to be installed via the equipment manufacturer (OEM) as they contain platform-specific elements. This means that it's not sufficient just to update the operating system - you will need to check that the underlying firmware is also up to date. Links are provided at the end of this page.

Applications and software

Software compilers need to be updated to protect applications from the Spectre vulnerabilities. Once compilers have been updated, applications will need to be recompiled to take advantage of these mitigations. As with operating systems, applications should be regularly updated to ensure the latest security fixes are applied.

More information

Some CPU microprocessors are affected more than others. Check with your processor's manufacturer to find out the full impact of the vulnerabilities.

This attack requires code to be running on the target device, so is currently a local escalation of privilege attack. However, the vulnerabilities may be exploitable from within application sandboxes (including web browsers), so take care when executing any untrusted code, including JavaScript on web pages.

Intel and Linux have developed tools to detect and mitigate the Meltdown and Spectre vulnerabilities in Windows and Linux.

Detection and Mitigation Tool

https://downloadcenter.intel.com/download/26755/INTEL-SA-00075-Detection-and-Mitigation-Tool

Linux Detection and Mitigation Tools (Linux)

https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools

https://security-center.intel.com/advisories.aspx

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/