Security Alert: Processors Meltdown!

Hello,

Recently multiple disclosed security vulnerabilities took the Internet by storm. Dubbed "Meldown" and "Spectre", those vulnerabilities seem to affect numerous systems and processors including Intel, AMD, ARM; thus it has the potential to affect PCs, servers, networking equipment, mobile devices and even cloud.
An attacker can exploit those vulnerabilities by running a special code locally on the system which could result in accessing privileged data of another process through unprivileged access level.

Meltdown: Rogue data cache load (CVE-2017-5754)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Spectre Variant 1: Bounds checking bypass (CVE-2017-5753)
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Spectre Variant 2: Branch target injection (CVE-2017-5715)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Link



Below is a list of numerous vendors and links to their articles describing the impact and patching process.
CiscoASR9K, UCS B-Series, UCS C-Series... affected, check KB
F5LTM, ASM, GTM... affected, check KB
Palo Altocheck KB
Junipercheck KB
Riverbedcheck KB
Fortinetcheck KB
Bluecoatcheck KB
Symanteccheck KB
ESETcheck KB
VMwareESXi, Workstation... affected, check KB
Inteli3, i5, i7, Xeon, Atom... affected, check KB
WindowsClient 7, 8.1, 10... affected, check KB
WindowsServer 2008, 2012, 2016... affected, check KB
WindowsSQL 2008, 2012, 2016, 2017... affected, check KB
SynologyDSM 5.2, 6.0, 6.1... affected, check KB
Red HatEnterprise Linux 5, 6, 7, OpenStack... affected, check KB
Ubuntucheck KB
SUSEcheck KB
FirefoxFixed in 57.0.4
ChromeFixed in v64 (to be released January 23)


Cisco IPS signatures that targets those vulnerabilities are:
Signature IDSignature NameReleaseLatest Release Date
8152/0Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/1Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/2Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/3Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/4Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018

--
Elie Bassil
linkedin.com/in/eliebassil



Previous
Next Post »

6 comments

Write comments
Sport Hunter
AUTHOR
March 23, 2018 at 12:42 AM delete

Monster Jam World Finals 2018

https://monsterjamworldfinals.ca/
Monster Jam World Finals
Monster Jam 2018
Monster Jam World Finals XIX
<a href="https://monsterjamworldfinals.ca/>Monster Jam World Finals 2018 Las Vegas</a>

Reply
avatar
Unknown
AUTHOR
March 19, 2019 at 8:58 PM delete

The country star played coy when asked how he feels about being nominated for New Male Artist of the Year at the 2019 ACM Awards. ACM Awards 2019 Live via live ACM Awards 2019 Live Streamor 2019 ACM Awards stint will mark her sixteenth time hosting one of the biggest nights for the country music industry. ACM Awards 2019 Live Streaming Ahead of country music icon Reba McEntire‘s 2019 ACM Awards hosting duties, the star will also be heavily promoting her Stronger Than The Truth album which comes out April 5th. ACM Awards 2019 Live Stream On April 7th, the star will mark her sixteenth time hosting the ACM Awards live from MGM Grand Garden Arena in Las Vegas, airing on the CBS Television Network at 8:00 PM ET. ACM Awards 2019 Live Country music superstar Jason Aldean is set to accept the Artist of the Decade Award at the 2019 Academy of Country Music Awards.

Reply
avatar