Summary

On January 3rd, 2018, a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.

 

Description

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via side-channel analysis.

 

Vulnerability Method Mitigating Actions Include
Meltdown Rogue Data Cache Load Operating System Patch
Spectre V1 Bounds check bypass Operating System Patch
Spectre V2 Branch target injection Operating System Patch and Microcode Update

 

 

Affected Products

  • Includes the Intel® Core™ Processor Family

 

Recommendations

Customers should follow best practice for deploying operating system and software updates in a timely fashion as recommended by the software developers. Mitigating patches from Microsoft are now available through Windows Update.

 

Customers using virtualised environments should deploy available patches to both the Hypervisor and guest operating systems.

Additionally, we recommend that you ensure that you have all of the latest updates installed from your Anti-Virus provider.

 

Firmware Downloads

In addition, Stone are working with key vendors to provide firmware updates which further assist in mitigation. Stone will provide these BIOSes as soon as they are available.

 

For More Information

Please see the official Intel SA-00088 advisory page here:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

 

Applies to:

  • Stone Desktop, Notebook, NUC and Server products.

 

Note: For branded products supplied through Stone (i.e. Toshiba, Acer, Lenovo), please visit those manufacturers’ support pages directly.