|
Our information security team is aware of several related security bulletins for vulnerabilities identified with “speculative execution functionality” of multiple vendors’ central processing units (CPU). As of this writing, there are three known variants:
CVE-2017-5715 - Branch target injection (SPECTRE) CVE-2017-5753 - Bounds check bypass (SPECTRE) CVE-2017-5754 - Rogue data cache load (MELTDOWN) Review the reference information below to become more familiar with these vulnerabilities and validate that any software applications not managed by GUTS have the latest patches applied. GUTS additionally recommends that all customers verify that all systems in use within their organizations are verified as having the latest patches applied – including desktops and laptops. Reference Information Meltdown Technical Deep Dive PDF Spectre Technical Deep Dive PDF VMware Security Response CERT Vulnerability Notice CERT Exploit Notice Google Project Zero Analysis Microsoft Security Notice WIRED Magazine news article AnandTech news article
0 Comments
|
AuthorSr. Consultant - IndyTek Consulting Archives
June 2019
Categories |
RSS Feed
