Notice: Spectre and Meltdown Vulnerabilities

Researchers have recently discovered the Spectre (CVE-2017-5715 / CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities in multiple microprocessors.

System Vulnerabilities

  • Spectre affects almost all CPUs (Intel, AMD, PowerPC, Sparc, ARM, and more) made since 1995. Meltdown only affects Intel CPUs.
  • To take advantage of Spectre and Meltdown vulnerabilities, malware must be run on the processor being attacked. This malware can come in the form of JavaScript code downloaded from a website and does not have to be code installed on the system itself.
  • Malware may be utilized to gain access to sensitive information in the CPU cache. Information stored in memory may provide the means to take control of the system.
  • All types of systems, including cloud servers or on-premise servers, desktops, laptops, tablets, and phones, are vulnerable. Like all systems, the following Themis products are also affected by these vulnerabilities:
      • RES Standard Density Servers: XR3, XR4, XR5, XR6
      • RES HD Servers
      • RES NT2 Servers
      • Select older systems

Remedies and Performance

  • The most important remedy is to have complete control over the software running on the system. Do not allow installation or execution of any software that is not cleared for the system. This includes denying access to any external JavaScript code from websites.
  • Guarantee that all software running on your Themis System is securely controlled (e.g., installation, maintenance, upgrades).
  • To reduce the chance of exploitation, Themis recommends adopting best security practices including:
      • Updating BIOS and firmware (X8, X9, X10, X11) from Supermicro, which include Intel microcode patches.
      • Updating appropriate operating systems with the latest patches. Relevant information links can be found below.
OS Patch Information | Operating System Details
CentOS               | CentOS 7, 6
Citrix               | XenServer 6.0.2, 6.2, 6.5, 7.0, 7.1, 7.2, 7.3
Microsoft            | Windows 10, 8.1, 8, 7
                     | Windows Server 2016, 2012
Red Hat              | RHEL 7, RHEL 6, 5, 4, 3
SLES Linux           | SLES 12, 11
Ubuntu               | Ubuntu 17.10, 16.04 LTS, 14.04 LTS, 12.04 ESM
VMware               | ESXi 6.5, 6.0, 5.5, Workstation 14.x, 12.x
  • Note: Applied patches could impact overall system performance. Intel claims that you may experience up to a 10% decrease in performance.
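
After patching a Linux system, the kernel's own view of the three CVEs can be confirmed from its sysfs status files. The script below is an added example, not part of the Themis notice; the function names and the sample status files written by `write_sample` are constructed for illustration.

```sh
#!/bin/sh
# Added example: report kernel-side mitigation status for the CVEs in this notice.
# Patched Linux kernels expose one status file per issue in the directory below.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> NOT_AFFECTED, MITIGATED, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_mitigations [DIR] -> prints one line per CVE and returns 1 if any
# entry is VULNERABLE or UNKNOWN. A missing status file is reported as
# UNKNOWN: the running kernel does not report on that issue at all.
check_mitigations() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for entry in "spectre_v1 CVE-2017-5753" "spectre_v2 CVE-2017-5715" \
                 "meltdown CVE-2017-5754"; do
        file="${entry%% *}"
        cve="${entry##* }"
        text=""
        if [ -r "$dir/$file" ]; then
            text="$(cat "$dir/$file")"
        fi
        state="$(classify_status "$text")"
        case "$state" in
            VULNERABLE|UNKNOWN) rc=1 ;;
        esac
        printf '%s %s %s %s\n' "$cve" "$file" "$state" "${text:-status file missing}"
    done
    return "$rc"
}

# write_sample DIR -> constructed sample of a partially patched host:
# Spectre v1 mitigated, Spectre v2 still vulnerable, no Meltdown status file.
write_sample() {
    printf 'Mitigation: __user pointer sanitization\n' > "$1/spectre_v1"
    printf 'Vulnerable\n' > "$1/spectre_v2"
}
```

Calling `check_mitigations` with no argument reads the live sysfs directory. These files reflect the kernel and loaded microcode only, so the BIOS and firmware revision still has to be checked against the vendor's release.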

References

For more information please refer to the following papers: