Spectre & Meltdown: Mitigation Status

UPDATE 20170104: US-CERT has published an alert with aggregated links to vendor guidance and updates.

Rather than requiring you to chase info all over the Internet (or on Twitter), we’ve aggregated information about the Meltdown and Spectre vulnerabilities here for your convenience.

Overview

Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real software.

So far, there are three known variants of the issue:

To exploit the issue on an unpatched system, an attacker would only need to be able to execute code. This means that shared (cloud) systems are particularly vulnerable, and Mozilla confirmed that it is possible to use similar techniques from Web content to read private information between different origins, so it could be exploited on a vulnerable browser simply by visiting an attacker-controlled site.

More Detail:

Original papers:

Mitigating the issue

Given the seriousness of this issue, the collective response from vendors has been outstanding. Here’s a look at our current status:

Hardware Vendors

Cloud Providers

Operating System Vendors

Antivirus Vendors

Individual Antivirus Vendor responses can be found here. (Thanks @gossithedog!)

Browser Vendors


This documents details a current security event affecting many modern microprocessor designs. Information may change rapidly as the event progresses, and more info or commands added here soon.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s