ITPro SnapShot: Resources for the Meltdown and Spectre Flaws
The new year began with a major processor flaw which was made public this week so we are using the ITPro SnapShot to help you understand and deal with the impact of these vulnerabilities.
Today we are skipping the normal list of product and services announcements that we feature in ITPro SnapShot to focus in on resources and information about the Meltdown and Spectre flaws that are present in a vast percentage of computer processors.
*
"Meltdown and Spectre - Bugs in modern computers leak passwords and sensitive data"
This is the best place to start, as it is the official site, coordinated by the teams that discovered the flaws.
On this page you will find:
Detailed white papers on each bug
A question and answers segment which fields some of the common inquiries that are coming up about the bugs
Example videos of the bugs in action
Links to official information from computer and chip manufacturers about their responses to Meltdown and Spectre
A list of individuals who were part of the team which discovered them
"How to Protect Against the Meltdown and Spectre Vulnerabilities"
This one is from ITPro Today, courtesy of Windows Secret's Susan Bradley. She provides instructions on how Windows users can check their systems to see if they're ready to receive Microsoft's Meltdown and Spectre patches, then advises how to handle safeguarding against the Meltdown and Spectre flaws. You will also find direct links to the patch downloads for supported versions of Windows.
Here is Microsoft's official support article for IT pros about the Meltdown and Spectre flaws. It includes a PowerShell script that will help you confirm whether or not protections are in place on the systems you manage. There is also a link to the executive summary about these issues on that page but I also wanted to highlight it here so you can easily access that information. For those of you supporting Surface hardware, you will want to also check out this firmware update which helps to further mitigate the Meltdown and Spectre flaws on those devices.
"About speculative execution vulnerabilities in ARM-based and Intel CPUs"
This is Apple's statement about the Meltdown and Spectre flaws and they confirm that recent updates to iOS, macOS, and tvOS provide protections against Meltdown. They are still working on updates to Safari to help mitigate Spectre's impact through the web browser.
"Today's CPU vulnerability: what you need to know"
Here is Google's official response to the Meltdown and Spectre flaws and their plans to address it. Since their Project Zero team was among those teams which discovered the vulnerabilities, Google got a head start on updating their systems for threat prevention.They've provided a list of mitigation statuses for their products and services, and you can also catch up on the issue as it relates to Google Cloud, G Suite, and Chrome through this Google Cloud team blog post.
"Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism"
Processor maker ARM details how their processors are potentially impacted by the Meltdown and Spectre flaws. The company says malware must be running locally on your device to take advantage of the flaws. They also state the majority of ARM processors are not impacted by the Meltdown and Spectre flaws, but they do provide a list of those which are vulnerable, and they provide instructions for Linux and Android users.
"Processor Speculative Execution Research Disclosure"
Amazon has also published information on how the Meltdown and Spectre flaws can impact Amazon Web Services and its various cloud offerings. There are brief comments about multiple Amazon products on this page and links to more detailed information for each of those areas.
But, wait...there's probably more so be sure to follow me on Twitter and Google+.
About the Author
You May Also Like