The Latest on Meltdown and Spectre

As we wrote about last week, mitigation efforts for the Kernel Side-Channel Attacks also known as Meltdown and Spectre continues. Linux has been rolling out patches for its distros, and Apple has issued updates for iOS, macOS High Sierra, and Safari on Sierra and El Capitan.

Microsoft has also began issuing patches in advance of Patch Tuesday. Unfortunately, there is a significant issue with some AMD devices. Microsoft halted patching to these devices and issued the following statement:

Microsoft has received reports of some AMD devices getting into an unbootable state after installation of recent Windows operating system security updates. After investigating, Microsoft determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.

To prevent AMD customers from getting into an unbootable state, Microsoft has temporarily paused sending the following Windows operating system updates to devices that have impacted AMD processors:

January 3, 2018—KB4056897 (Security-only update)

January 9, 2018—KB4056894 (Monthly Rollup)

January 3, 2018—KB4056888 (OS Build 10586.1356)

January 3, 2018—KB4056892 (OS Build 16299.192)

January 3, 2018—KB4056891 (OS Build 15063.850)

January 3, 2018—KB4056890 (OS Build 14393.2007)

January 3, 2018—KB4056898 (Security-only update)

January 3, 2018—KB4056893 (OS Build 10240.17735)

January 9, 2018—KB4056895 (Monthly Rollup)

The process of fixing these vulnerabilities remains fluid, with new information coming out daily. Because of the unique situation, we wanted to provide a rolled up account of the information we have to date.

CVEs:

• CVE-2017-5754 - Meltdown
• CVE-2017-5753 - Spectre
• CVE-2017-5715 - Spectre

Operating System Information:

MacOS

• Updates released 1/3/18
• Meltdown Updates released 1/3/18
  • High Sierra: 10.13.2
  • Security Update 2017-002 Sierra
  • Security Update 2017-005 El Capitan
• Spectre
  • MacOS High Sierra 10.13.2 Supplemental Update
  • Safari 11.0.2

Windows

• Halted updates for some AMD native devices
• Customers will not receive windows updates unless they set registry key
• List of AV vendor patch compatibility
• Windows 10 Update - KB4056892
• Windows 7 & Server 2008 Update - KB4056894
• Windows 8.1 & Server 2012 Update - KB4056895

Linux

• Ongoing patch updates for Meltdown
• Ongoing patch updates for Spectre
• Additional Linux information:
  • Redhat
    • Vuln Response
    • RHSA-2018:0007
    • RHSA-2018:0009
  • Ubuntu
  • Suse
  • Fedora
  • Debian
    • Information updates on CVE-2017-5715
    • Information updates on CVE-2017-5753
    • Information updates on CVE-2017-5754

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.