Spectre / Meltdown CPU Flaw
Our information security team is aware of several related security bulletins for vulnerabilities identified with “speculative execution functionality” of multiple vendors’ central processing units (CPU). As of this writing, there are three known variants:
CVE-2017-5715 - Branch target injection (SPECTRE)
CVE-2017-5753 - Bounds check bypass (SPECTRE)
CVE-2017-5754 - Rogue data cache load (MELTDOWN)
Review the reference information below to become more familiar with these vulnerabilities and validate that any software applications not managed by GUTS have the latest patches applied. GUTS additionally recommends that all customers verify that all systems in use within their organizations are verified as having the latest patches applied – including desktops and laptops.
Meltdown Technical Deep Dive PDF
Spectre Technical Deep Dive PDF
VMware Security Response
CERT Vulnerability Notice
CERT Exploit Notice
Google Project Zero Analysis
Microsoft Security Notice
WIRED Magazine news article
AnandTech news article
Your comment will be posted after it is approved.
Leave a Reply.
Sr. Consultant - IndyTek Consulting