Cert links to guidance from manufacturers affected by Meltdown and Spectre
Cert has published links to guidance from vendors regarding Meltdown and Spectre. It includes Amazon AWS, Android and numerous other vendors. You almost certainly have to apply the patches but the performance impact is hideous (30 percent).
See the CERT bulletin for details.
Alert (TA18-004A)Meltdown and Spectre Side-Channel Vulnerability Guidance
NCCIC encourages users and administrators to refer to their OS vendors for the most recent information. However, the table provided below lists available advisories and patches. Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.
Note the last sentence of the quote above. The vulnerability is in the Hardware. It would be prudent to patch as soon as patches are available but keep in mind that this is most likely a stopgap until the firmware or CPUs can be replaced with chips not affected by the vulnerability.
Note the next quote:
After patching, performance may be diminished by up to 30 percent. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect if possible.
As I mentioned in an earlier post, I seriously doubt that systems have 30 percent excess capacity. I am not happy with a 30 percent loss of performance in my Intel based laptop.
Some of the vendors on the list are :Amazon, AMD, Android, Apple, Chromium, Citrix, Debian, Google, Linux, Microsoft, Mozilla, NVIDIA, Trend Micro, VMWare.
Keep in mind, that is only a partial list. New information will be added as the situation develops.
IMHO, this is a MAJOR FAIL.
- KB4056892, the Windows 10 patch to address Meltdown/Spectre installed on my laptop – Performance results are…
- Meltdown and Spectre – You might NOT have to replace all of your hardware.
- With Meltdown and Spectre what happens to pending server purchases and how will companies address the performance issues of patches?
- Meltdown and Spectre – Intel CEO reportedly sold over three quarter of a million shares AFTER learning of the vulnerabilities.
- Meltdown and Spectre are going after your private information.
- A Windows 10 patch that is supposed to address Meltdown and Spectre vulnerabilities. BEWARE IF YOU HAVE AN AMD PROCESSOR
- Interesting article on what hackers do with pwned sites
- Backing up your Blogger Blogs