Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Meltdown and Spectre are hardware-level vulnerabilities. As such, every operating system is susceptible. The KACE products - Systems Management Appliance (SMA) and Systems Deployment Appliance (SDA) - both run FreeBSD on Dell hardware platforms. FreeBSD does not yet have a patch available or an ETA for the fix, but since the SMA and SDA are closed-source appliance-based systems, there is no perceived risk from the KACE appliances at this time. Vendor patches will be added to the patch feed (provided by our patch vendor) as they are released and tested. This process usually takes 1-2 days, but may vary according to the vendor patch. Vendor specific information/resources are listed below:
Official Release: https://meltdownattack.com/
Dell Official Response: http://www.dell.com/support/article/us/en/04/sln308588
Google: https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
----------
FreeBSD: https://www.freebsd.org/news/newsflash.html#event20180104:01
Microsoft: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002
* NOTE: Microsoft Windows patches were added to the patch feed on 1/5/18. A list of the patches in the January 2018 out-of-band release is attached to this article (Microsoft_OOB_Jan2018.txt).
* NOTE: Microsoft Windows patches will only be detected missing on systems with the existence of a registry value written by anti-virus vendors to avoid BSOD or worse issues. More information is available here.
* IT Ninja Blog: Spectre & Meltdown Analysis using KScripting with TextReturn
Apple: https://support.apple.com/en-us/HT208331
RedHat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
Ubuntu: https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities
SuSE: https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
----------
VMware: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center