As a follow up to our previous communication titled ‘Update to CPU Meltdown & Spectre Vulnerabilities,’ powersolution.com has been testing the updates provided by Microsoft and computer vendors to patch the two vulnerabilities dubbed Meltdown and Spectre. We have also been following the guidance provided by Intel, AMD, HP, and Dell.
To recap, roughly every processor produced since 1995 is susceptible to a flaw that could allow an attacker to gain access to passwords and other sensitive data without leaving a trace. These two vulnerabilities affect both Intel and AMD based chipsets. In order to mitigate the vulnerabilities, two patches need to be applied to the computer system – one to the operating system and one to the firmware to patch the microcode of the processor.
Recent Update on CPU Meltdown & Spectre issues
As of January 24th, Intel along with most major computer manufacturers, such as HP and Dell, are advising NOT to install the firmware patch. Intel has confirmed that the update can cause unexpected reboots – even on newer systems. In fact, both HP and Dell have removed the patches from their respective websites until Intel releases a stable update.
AMD has also released their respective firmware patch to patch the microcode of the processor. To date, AMD and computer manufacturers have reported no incidents of the patch causing system stability issues, such as random reboots. On the other hand, there are still issues with the Microsoft Windows patch, mainly on Windows 10, for AMD based systems.
powersolution.com’s guidance is still to not patch for the Meltdown or Spectre vulnerabilities (operating system or firmware) due to performance and stability issues. We will continue to monitor industry guidance and will determine, based on feedback, if the patches should be applied.
Even though the vulnerabilities have been known for nearly a month, industry reports show no evidence of the two vulnerabilities being exploited. In fact, developing an exploit for Meltdown or Spectre is extremely difficult. Lastly, the exploits would have to be initiated internally on the system – which is minimized by the already-in-place security measures, such as the organization’s corporate firewall and antivirus solution.
As always, if you have any questions or concerns regarding the CPU Meltdown & Spectre vulnerabilities, please do not hesitate to reach out for a discussion.