Our information security team is aware of several related security bulletins for vulnerabilities identified with “speculative execution functionality” of multiple vendors’ central processing units (CPU). As of this writing, there are three known variants:
CVE-2017-5715 - Branch target injection (SPECTRE) CVE-2017-5753 - Bounds check bypass (SPECTRE) CVE-2017-5754 - Rogue data cache load (MELTDOWN) Review the reference information below to become more familiar with these vulnerabilities and validate that any software applications not managed by GUTS have the latest patches applied. GUTS additionally recommends that all customers verify that all systems in use within their organizations are verified as having the latest patches applied – including desktops and laptops. Reference Information Meltdown Technical Deep Dive PDF Spectre Technical Deep Dive PDF VMware Security Response CERT Vulnerability Notice CERT Exploit Notice Google Project Zero Analysis Microsoft Security Notice WIRED Magazine news article AnandTech news article
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorSr. Consultant - IndyTek Consulting Archives
January 2024
Categories |