Over the past few days, you may have heard of the new vulnerabilities that has been uncovered, Meltdown and Spectre. These vulnerabilities affect all modern processors, meaning your business machines and even personal gadgets that use processors are affected which puts you in risk of potential attacks. Below is a brief explanation of what exactly Meltdown and Spectre are:
Meltdown
Meltdown is a hardware vulnerability in processors (Intel x86 microprocessors and some ARM based microprocessors) which allows attackers to use programs to access your computer’s memory. With this access, they are able to gain sensitive data from your other applications within your system.
Spectre
Spectre is a hardware vulnerability in modern processors, which attackers can use to trick error-free programs, which follow best practices, into leaking their secrets. Safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
However, since the vulnerability has been announced it means that so have the solutions. Below are the steps in which you need to take fix these vulnerabilities:
1. Update your Processor Firmware
Processor manufacturers have already released firmware updates to fix these vulnerabilities, however they said that they would only be releasing updates for processors within the last 5 years. Below are the current firmware updates you will need per vendor (note that we will be placing more updates as they come):
HPE
For ProLiant Gen10 products (except for the ProLiant DL385 Gen10), update to System ROM Version 1.28.
For the ProLiant DL385 Gen10 server, update to System ROM Version 1.04.
For ProLiant Gen9 series servers, update to System ROM Version 2.54 (except for the ProLiant DL20 Gen9 or ML30 Gen9)
For the ProLiant DL20 Gen9 or ProLiant ML30 Gen9 server, update to System ROM Version 2.52.
For ProLiant Gen8 series servers, update to a System ROM version dated 12/12/2017.
For the ProLiant m710x server cartridge, update to System ROM Version 1.60
For the ProLiant m710p server cartridges update to the System ROM version dated 12/12/2017.
Click here and place your HPE product to find the firmware patch you need.
Cisco
Below is a table of known Cisco products affected by the vulnerabilities, to download the update, you will need to click on the Cisco Bug ID and log in to your Cisco account to access it. We will be updating this table when updates are available.
| Product | Cisco Bug ID | Fixed Release Availability |
|---|---|---|
| Routing and Switching – Enterprise and Service Provider | ||
| Cisco ASR 9000 XR 64-bit Series Routers | CSCvh32429 | |
| Cisco 800 Industrial Integrated Services Routers | CSCvh31418 | |
| Cisco NCS 1000 Series Routers | CSCvh32429 | |
| Cisco NCS 5000 Series Routers | CSCvh32429 | |
| Cisco NCS 5500 Series Routers | CSCvh32429 | |
| Cisco XRv 9000 Series Routers | CSCvh32429 | |
| Unified Computing | ||
| Cisco UCS B-Series M2 Blade Servers | CSCvh31576 | Fix pending |
| Cisco UCS B-Series M3 Blade Servers | CSCvg97965 | (18-Feb-2018) |
| Cisco UCS B-Series M4 Blade Servers (except B260 and B460) | CSCvg97979 | (18-Feb-2018) |
| Cisco UCS B-Series M5 Blade Servers | CSCvh31577 | (18-Feb-2018) |
| Cisco UCS B260 M4 Blade Server | CSCvg98015 | (18-Feb-2018) |
| Cisco UCS B460 M4 Blade Server | CSCvg98015 | (18-Feb-2018) |
| Cisco UCS C-Series M2 Rack Servers | CSCvh31576 | Fix pending |
| Cisco UCS C-Series M3 Rack Servers | CSCvg97965 | (18-Feb-2018) |
| Cisco UCS C-Series M4 Rack Servers (except C460) | CSCvg97979 | (18-Feb-2018) |
| Cisco UCS C-Series M5 Rack Servers | CSCvh31577 | (18-Feb-2018) |
| Cisco UCS C460 M4 Rack Server | CSCvg98015 | (18-Feb-2018) |
Dell
BIOS updates for PowerEdge Server Products
| Generation | Models | BIOS version |
| 14G | R740, R740XD, R640 | 1.2.71 |
| R540, R440, T440 | 1.2.71 | |
| T640 | 1.2.71 | |
| C6420 | 1.2.71 | |
| FC640, M640, M640P | 1.2.71 | |
| C4140 | 1.0.2 | |
| R940 | 1.2.81 | |
| T30 | 1.0.12 |
| Generation | Models | BIOS version |
| 13G | R830 | 1.7.0 |
| T130, R230, T330, R330 | 2.4.1 | |
| R930 | 2.5.0 | |
| R730, R730XD, R630 | 2.7.0 | |
| C4130 | 2.7.0 | |
| M630, M630P, FC630 | 2.7.0 | |
| FC430 | 2.7.0 | |
| M830, M830P, FC830 | 2.7.0 | |
| T630 | 2.7.0 | |
| R530, R430, T430 | 2.7.0 | |
| C6320 | 2.7.0 |
BIOS update for Dell Datacenter Scalable Solutions (DSS)
| Models | BIOS Version |
| DSS9600, DSS9620, DSS9630 | 1.2.71 |
| DSS1500, DSS1510, DSS2500 | 2.7.0 |
| DSS7500 | 2.7.0 |
2. Checking if your registry is compatible with your OS updates (Windows)
There are some third party anti-virus software that are currently incompatible with the latest patch updates from Windows. If you are unable to update your OS due to this reason, it is recommended that you modify your registry to fix this. However we highly recommend that you also backup your registry before you manually edit it as using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Below is the registry key to be set:
Key=”HKEY_LOCAL_MACHINE”
Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” Value=”cadca5fe-87d3-4b96-b7fb-a231484277cc”
Type=”REG_DWORD”
Data=”0x00000000”
For Trend Micro users, there has been a patch release for their products in which enables the ALLOW REGKEY (the above code) automatically. This however is not the fix to the vulnerabilities and you have to update your OS as this patch will not update your OS but allow you to update.
Additionally, note that per Microsoft, even clients that do not have active anti-malware or security software installed may still be required to apply the specific registry key before the security patches can be obtained from Windows Update.
| Product | Updated version | Notes | Platform |
| OfficeScan | XG (all versions including SP1) – CP 1825-4430 | Readme | Windows |
| 11.0 SP1 – CP 6496 | Readme | Windows | |
| Deep Security | Deep Security Agent 10.0.0-2649 for Windows (U6) | Readme | Windows |
| Deep Security Agent 9.6.2-8288 for Windows | Readme | Windows | |
| Worry-Free Business Security | 9.5 CP 1447 | Readme | Windows |
3. Updating your OS (Operating System)
Below are the updates that are currently out for Windows OS for both Servers and Desktop (this will be updated as more updates are released):
|
Product |
Article |
Download |
| Windows Server, version 1709 (Server Core Installation) | 4056892 | Security Update |
| Windows Server 2016 (Server Core installation) | 4056890 | Security Update |
| Windows Server 2016 | 4056890 | Security Update |
| Windows Server 2012 R2 (Server Core installation) | 4056898 | Security Only |
| Windows Server 2012 R2 | 4056898 | Security Only |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 | Monthly Rollup |
| 4056897 | Security Only | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 | Monthly Rollup |
| 4056897 | Security Only | |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 | Monthly Rollup |
| 4056897 | Security Only | |
| Windows 8.1 for x64-based systems | 4056898 | Security Only |
| Windows 8.1 for 32-bit systems | 4056898 | Security Only |
| Windows 7 for x64-based Systems Service Pack 1 | 4056894 | Monthly Rollup |
| 4056897 | Security Only | |
| Windows 7 for 32-bit Systems Service Pack 1 | 4056894 | Monthly Rollup |
| 4056897 | Security Only | |
| Windows 10 Version 1709 for 64-based Systems | 4056892 | Security Update |
| Windows 10 Version 1709 for 32-bit Systems | 4056892 | Security Update |
| Windows 10 Version 1703 for x64-based Systems | 4056891 | Security Update |
| Windows 10 Version 1703 for 32-bit Systems | 4056891 | Security Update |
| Windows 10 Version 1607 for x64-based Systems | 4056890 | Security Update |
| Windows 10 Version 1607 for 32-bit Systems | 4056890 | Security Update |
| Windows 10 Version 1511 for x64-based Systems | 4056888 | Security Update |
| Windows 10 Version 1511 for 32-bit Systems | 4056888 | Security Update |
| Windows 10 for x64-based Systems | 4056893 | Security Update |
| Windows 10 for 32-bit Systems | 4056893 | Security Update |
| Microsoft SQL Server 2017 for x64-based Systems (CU) | 4058562 | Security Update |
| Microsoft SQL Server 2017 for x64-based Systems | 4057122 | Security Update |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU) | 4058561 | Security Update |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 | 4057118 | Security Update |
4. Updating your browsers
The last step would be to make sure that your internet browser is patched to the latest version. Below are a few of the most used browsers and the versions they need to be updated to:
Mozilla – Firefox 57.0.4
Internet Explorer/Microsoft Edge – Included in the latest security update of Windows KB4056890 (OS Build 14393.2007)
Again more updates will be posted as soon as the fixes are released by the respective vendors. If you need more details or help in implementing the said solutions from vendors, please do contact us at 893-9515 and we will do our utmost to help!