Last updated: 09:05 12th Jan 2018
Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data that is currently being processed on the computer. Operating system and application developers have been publishing patches and updates to mitigate these issues.
Mitigating the Meltdown vulnerability (CVE-2017-5754) will require a combination of operating system and processor microcode updates. Microcode is a small piece of software that is installed directly on the processor to act as an interface between the hardware and the operating system. This microcode update will be provided by OEMs and will need to be installed as part of their update mechanism.
To help Softcat’s customers, we will be compiling a list of the major manufacturers' updates and statements to provide a central location for all the updates as they are released. All updates will be posted below.
Statement released. Vulnerable products identified. Further investigation ongoing.
“Aruba products are based on a number of different CPU architectures, some of which are affected by the vulnerabilities. However, no Aruba product allows execution of arbitrary code by an unauthorized user. In order to exploit this vulnerability, an attacker would require that ability. Achieving code execution would require the presence of a second, unrelated vulnerability, and it is likely that such a vulnerability would already allow compromise of the system without the need for further exploits.”
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will be switched automatically on signature version December 28, 2017 or later.
Additional guidance is provided here
Vulnerability acknowledged and affected products have been identified, awaiting patches.
Cisco AMP has been updated to allow for the Meltdown update on Windows (ADV180002). An update will be required, and the REG key will need to be switched manually.
Additional guidance is provided here
Statement Released. Vulnerability acknowledged and some affected products have been identified and patched, some remaining products are awaiting patches.
https://support.citrix.com/article/CTX231390
Clearswift Product Security Advisory Concerning "Meltdown" and "Spectre"
Clearswift made available on the 3rd January 2018 updates to the RHEL Operating System alongside an Application upgrade (4.7.1) for all Gateway products.
Details have been published in a knowledge base article on our support portal and we have put out information on the products' UI RSS Feed to alert customers directly. Clearswift customers are advised to log in to their Clearswift Support Portal to see the article. Support Portals are accessed here: https://www.clearswift.com/support/portals (Clearswift login required to access)
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will need to be switched manually.
Additional guidance is provided here:
https://www.cylance.com/en_us/blog/cylance-not-impacted-by-meltdown-or-spectre-vulnerabilities.html
Statement Released. Vulnerability acknowledged and some affected products have been identified and patched, some remaining products are awaiting patches.
“Dell is aware of new security research describing software analysis methods related to Intel microprocessors. We are working with Intel and others in the industry to investigate and address the issue. For more information, please refer to the article posted on Intel’s website.”
“We are expecting further statements as work continues, however we have released a BIOS firmware today with enhancements to address the issue:“
The following pages will be updated with the latest information on affected Dell / Dell EMC products including BIOS updates as they are available.
If you are using any PowerEdge server patch tool fed from support.dell.com (such as OpenManage Essentials and Repository Manager) you will see this update in your patch queue flagged as “urgent”.
Statement Released. Vulnerability acknowledged and some affected products have been identified, awaiting further investigation.
https://support.f5.com/csp/article/K91229003
Statement Released. Vulnerability acknowledged and some affected products have been identified, awaiting patches.
Statement Released. Vulnerability acknowledged and some affected products have been identified and patched, some remaining products are awaiting patches.
“The EMEIA support webpage below details the current publicly available information about the vulnerabilities, affected Fujitsu products and estimated availability of patches and updates for BIOS provided by Fujitsu and other vendors. Not all fixes have release dates yet, and not all BIOS versions are known yet. The webpage will be updated regularly.”
http://support.ts.fujitsu.com/content/SideChannelAnalysisMethod.asp
HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability:
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
Statement Released. Vulnerability acknowledged and some affected products have been identified, awaiting patches.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Statement Released. Vulnerability acknowledged and some affected products have been identified, awaiting further investigation.
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=RSS
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will be switched automatically on before 9th January 2018.
Additional guidance is provided here:
https://support.kaspersky.co.uk/14042
Statement Released. Vulnerability acknowledged and some affected products have been identified and patched, some remaining products are awaiting patches.
https://support.lenovo.com/gb/en/solutions/len-18282
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will be switched automatically on version 15.0 R4 or later.
Additional guidance is provided here:
https://service.mcafee.com/webcenter/portal/cp/home/articleview?locale=&articleId=TS102769
Statement Released. Vulnerability acknowledged and affected products have been identified and patched.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
Statement Released. Vulnerability acknowledged. Further investigation taking place.
https://security.netapp.com/advisory/ntap-20180104-0001/
Statement Released. Vulnerability acknowledged and some affected products have been identified, awaiting patches.
http://download.nutanix.com/alerts/Security-Advisory_0007_v1.pdf
Further information is expected to be posted to https://portal.nutanix.com/#/page/static/fieldAdvisories (Requires Nutanix login to view)
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will need to be switched manually.
Additional guidance is provided here: https://live.paloaltonetworks.com/t5/Customer-Advisories/Information-about-Meltdown-and-Spectre-findings/ta-p/193878/jump-to/first-unread-message
Statement updated. Vulnerability acknowledged, affected product has been identified. Further investigation ongoing, awaiting patch.
Updates will be provided on the following field bulletin.
https://support.purestorage.com/Field_Bulletins/The_Meltdown_and_Spectre_CPU_Vulnerabilities (Pure1 login required)
Statement Released. Vulnerability acknowledged and some affected products have been identified and patched, some remaining products are awaiting patches.
https://access.redhat.com/security/vulnerabilities/speculativeexecution
Statement released. Vulnerability acknowledged, affected products have been identified. Endpoint updates have been deployed. Further investigation ongoing for network appliances, awaiting patches.
Updates will be delivered to - https://community.sophos.com/kb/en-us/128053
Statement Released. Vulnerability acknowledged and some affected products have been identified and patched, some remaining products are awaiting patches.
https://www.supermicro.com/support/security_Intel-SA-00088.cfm
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will be switched automatically on version ERASER Engine 117.3.0.358 or greater.
Additional guidance is provided here:
https://support.symantec.com/en_US/article.INFO4793.html
Statement released. To allow for the Meltdown update on Windows (ADV180002), an update will be required, and the REG key will need to be switched manually.
Additional guidance is provided here:
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1118996.aspx
Statement Released. Vulnerability acknowledged and affected products have been identified and patched.
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
If you need any further advice or support, please speak to your Softcat account manager or get in touch using the form below.
Please note that the information provided is for guidance only and is provided subject to the limitations set out in our website terms of use.
We would love to hear any comments you have about this article!
FireEye response is in line with your useful article.
Please see a link for CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 (“Meltdown” and “Spectre” vulnerabilities) from FireEye Expertise here:
https://www.fireeye.com/blog/products-and-services/2018/01/fireeye-notice-for-meltdown-and-spectre-vulnerabilities.html