On January 3rd, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via side-channel analysis.
|Vulnerability||Method||Mitigating Actions Include|
|Meltdown||Rogue Data Cache Load||Operating System Patch|
|Spectre V1||Bounds check bypass||Operating System Patch|
|Spectre V2||Branch target injection||Operating System Patch and Microcode Update|
- Includes the Intel® Core™ Processor Family
Customers should follow best practice for deploying operating system and software updates in a timely fashion as recommended by the software developers. Mitigating patches from Microsoft are now available through Windows Update.
Customers using virtualised environments should deploy available patches to both the Hypervisor and guest operating systems.
Additionally, we recommend that you ensure that you have all of the latest updates installed from your Anti-Virus provider.
In addition, Stone are working with key vendors to provide firmware updates which further assist in mitigation. Stone will provide these BIOSes as soon as they are available.
For More Information
Please see the official Intel SA-00088 advisory page here:
- Stone Desktop, Notebook, NUC and Server products.
Note: For branded products supplied through Stone (i.e. Toshiba, Acer, Lenovo), please visit those manufacturers’ support pages directly.