Following the recent announcement that vulnerabilities have been detected in Intel and AMD processor chips, Datacom has been monitoring our managed service customer environments and working with our vendors to mitigate the impact of the vulnerabilities for our clients.
The vulnerabilities have been referred to in recent media releases as “Meltdown” and “Spectre” and have the potential to impact systems running Windows, Linux and MacOS.
Some updates (software patches) have already been produced to address the vulnerabilities. Datacom teams are working with our clients to apply patches through agreed patch management processes to minimise possible risk.
It is important to note that at this point in time there is no known exploit or attack in progress, rather, preventative remediation activities are underway.
We recommend all businesses and home computers are kept up to date and software updates are applied as soon as possible. Backups should be conducted regularly and stored offline and offsite wherever possible. Firewall and email security systems should be updated regularly. Users should also stay alert to potential phishing emails and never open attachments from an unknown source.
Recent media articles on this topic:
https://www.stuff.co.nz/business/industries/100330369/intel-flaw-what-you-need-to-know
http://www.computerweekly.com/news/450432608/Meltdown-and-Spectre-AWS-Google-and-Microsoft-mobilise-to-protect-cloud-users-from-chip-flaws
https://www.theverge.com/2018/1/4/16850120/meltdown-spectre-vulnerability-cloud-aws-google-cpu
https://techcrunch.com/2018/01/03/intel-calls-reports-of-major-vulnerability-incorrect/
https://www.reuters.com/article/us-cyber-intel/intel-working-to-fix-security-flaw-in-its-chips-without-slowing-computers-idUSKBN1ES1BO
http://www.zdnet.com/article/tech-giants-scramble-to-fix-intel-processor-security-flaw/
https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/
Statements from Intel, Amazon, Google, Trend Micro, Cisco:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates
https://tools.cisco.com/security/center/publicationListing.x
Statements from the National Institute of Standards and Technology (NIST), U.S. Department of Commerce:
https://nvd.nist.gov/vuln/detail/CVE-2017-5754
https://nvd.nist.gov/vuln/detail/CVE-2017-5715
https://nvd.nist.gov/vuln/detail/CVE-2017-5753