On January 3rd, 2018, Google and MITRE released reports on three separate security vulnerabilities that affect nearly every Intel, AMD, and ARM processor on the market, referred to in the press as “Meltdown” and “Spectre”.
The vulnerabilities allow an attacker to read sensitive information that is temporarily stored on the processor prior to execution. Unfortunately, the underlying problem is an architectural issue that is present in all of the affected processors and can only truly be fixed by replacing the chips.
In the meantime, operating system vendors have begun developing and releasing patches that band-aid the problem but don’t truly address the core issue. At this time, Microsoft has released critical updates for the Windows and Server operating systems currently under support, and other vendors are looking at potential avenues in their software to address the problems. It has been reported that some users may experience up to a 30% decrease in performance once the update is applied, due to the “fences” that software developers have to put in place to protect this sensitive area of the chips.
At this time, ALI recommends applying all critical updates to Microsoft operating systems.
VMware has released an initial round of patches for ESXi and the VCSA to try to address the issue, but it has not officially said that the patches will fully address the vulnerabilities. Currently, ALI does NOT recommend patching ESXi or the VCSA until VMware releases a comprehensive set of patches that are fully tested and vetted.
Community-supported Linux distros such as CentOS and Ubuntu will start rolling out updates as well, and ALI recommends applying those updates once they have been tested and vetted.
Finally, certain models of Cisco switches and routers, while technically vulnerable, have other protections in place to prevent the vulnerabilities from being exploited. ALI recommends patching these Cisco devices during a normal update cycle.
If you have any questions, please contact our Technical Assistance Center at (800) 283-2648 to request additional assistance.