Meltdown & Spectre vulnerabilities are taken the tech world by storm. Spectre vulnerability impacts Intel & other processors. Tech world is confused by the number of patches released to fix these issues. Meltdown impacts only Intel processors, and this can be fixed mostly by Operating System Updates. In my opinion, Intel mishandled the entire situation.
I have a post which explains a way to “Monitor Meltdown Spectre Vulnerabilities with SCCM“.
Bit More details about Spectra/Meltdown Vulnerabilities
Spectre variant 2 - CVE-2017-5715 (branch target injection) - Intel is going crazy Spectre variant 1 - CVE-2017-5753 (bounds check bypass) Meltdown - CVE-2017-5754 (rogue data cache load)
Meltdown and Spectre Variant 1 patches look fine as per the reports from various sources. But Intel is confusing the tech world with Spectre Variant 2 patches. They have hidden the issues with the patch released for “Spectre variant 2“. There are “DATA loss or corruption” issues reported because of with Intel’s patch for Spectre variant 2. This data loss or corruption issue is apart from unexpected reboot issues.
The hardware vendors like Dell, HP or Lenovo started to recall their firmware update patches for Spectre variant two because of buggy patches from Intel. Microsoft released another out of band patch to Disable (their earlier patch) Mitigation against Spectre, Variant 2.
The latest update about meltdown and spectra is available in the following article of Verge. Keep an eye on the above link to keep updated with this news.
Steps to Bring Spectra and Meltdown Issues under Control for the organizations
Secure Windows systems from Meltdown and Spectre vulnerabilities carefully. OS patches are a no-brainer (not really for LOB apps), and you should apply those right away. Deploy the patches after thorough testing in staging and pilot machines. Pilot testing of patching is essential as you know the removal or un-installation of the patches is not a very easy task.
Ideally, you should already be applying OS updates regularly as part of a comprehensive security configuration management policy. To keep your company secure, you must periodically validate the integrity of every endpoint’s compliance with corporate policy and vendor security fixes.
Adaptiva Client Health makes it easy to verify that every Windows endpoint in your enterprise meets security standards. It can automatically remediate non-compliant systems. To learn more about how to automate endpoint security at scale, request a free demo.
Download Infographic for Meltdown Spectre PDF
You can read Infographic for Meltdown Spectre as a PDF from here