As we wrote about last week, mitigation efforts for the Kernel Side-Channel Attacks also known as Meltdown and Spectre continues. Linux has been rolling out patches for its distros, and Apple has issued updates for iOS, macOS High Sierra, and Safari on Sierra and El Capitan.
Microsoft has also began issuing patches in advance of Patch Tuesday. Unfortunately, there is a significant issue with some AMD devices. Microsoft halted patching to these devices and issued the following statement:
Microsoft has received reports of some AMD devices getting into an unbootable state after installation of recent Windows operating system security updates. After investigating, Microsoft determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.
To prevent AMD customers from getting into an unbootable state, Microsoft has temporarily paused sending the following Windows operating system updates to devices that have impacted AMD processors:
January 3, 2018—KB4056897 (Security-only update)
January 9, 2018—KB4056894 (Monthly Rollup)
January 3, 2018—KB4056888 (OS Build 10586.1356)
January 3, 2018—KB4056892 (OS Build 16299.192)
January 3, 2018—KB4056891 (OS Build 15063.850)
January 3, 2018—KB4056890 (OS Build 14393.2007)
January 3, 2018—KB4056898 (Security-only update)
January 3, 2018—KB4056893 (OS Build 10240.17735)
January 9, 2018—KB4056895 (Monthly Rollup)
The process of fixing these vulnerabilities remains fluid, with new information coming out daily. Because of the unique situation, we wanted to provide a rolled up account of the information we have to date.
CVEs:
- CVE-2017-5754 – Meltdown
- CVE-2017-5753 – Spectre
- CVE-2017-5715 – Spectre
Operating System Information:
- Updates released 1/3/18
- Meltdown Updates released 1/3/18
- High Sierra: 10.13.2
- Security Update 2017-002 Sierra
- Security Update 2017-005 El Capitan
- Spectre
- MacOS High Sierra 10.13.2 Supplemental Update
- Safari 11.0.2
- Halted updates for some AMD based devices
- Customers will not receive windows updates unless they set registry key
- List of AV vendor patch compatibility
- Windows 10 Update – KB4056892
- Windows 7 & Server 2008 Update – KB4056894
- Windows 8.1 & Server 2012 Update – KB4056895
- Ongoing patch updates for Meltdown
- Ongoing patch updates for Spectre
- Additional Linux information:
- Redhat
- Ubuntu
- Suse
- Fedora
- Debian
- Information updates on CVE-2017-5715
- Information updates on CVE-2017-5753
- Information updates on CVE-2017-5754
