Country

Security Blog

Two far-reaching vulnerabilities discovered in all modern CPUs. Some updates are available.

Two far-reaching vulnerabilities discovered in all modern CPUs

In the last two days, information about new massive vulnerabilities in all current processors for computer systems has been published in advance.
Slowly, more details are recognizable by the first reactions from e.g. Intel and Google. It can be assumed that in the next few days even more details will come through.
The two possible attack scenarios have been named "Spectre" and "Meltdown". At the moment no active attacks or the exploitation of the vulnerability are known.

In principle, all current systems are affected - servers, personal computers, tablets and smartphones. Depending on the scope and possible scenarios, all manufacturers such as Intel, AMD and ARM are affected.
The impact on Intel systems seems to be greater, AMD systems are less vulnerable. There is still no agreement on the actual effects and whether these weak points are already being exploited.

Hardware manufacturers are already making efforts to develop necessary software patches with the various operating system manufacturers.

For Android systems there is already an update available with the security update from 02. January 2018. It’s to be expected that the respective manufacturers will take over this patch and also the users will install this update.

Virus scanners must explicitly confirm compatibility with the operating system before Microsoft Windows installs the security update.

IKARUS is currently reviewing the compatibility of its products extensively and will release an update next week confirming this compatibility.

Customers who would like to receive the Microsoft Update beforehand can activate this at their own risk via a registry switch. Information about this can be found here:
https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897

The patch numbers differ depending on the OS version:
Source: https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/

If you are running Windows 10 version 1709 (Fall Creators Update), the patch you need is labelled Security Update for Windows (KB4056892).
For older versions of Windows 10, here are the patch numbers:

Windows 10 version 1703 (Creators Update): KB4056891
Windows 10 version 1607 (Anniversary Update): KB4056890
Windows 10 version 1511 (November Update): KB4056888
Windows 10 version 1507 (Initial Release): KB4056893

Respectively:
http://www.computerbild.de/artikel/cb-Aktuell-Sicherheit-Microsoft-Patchday-2018-7687678.html

Update from January 3, 2018 - KB4056898 (Security-only update)
Applies to: Windows 8.1Windows Server 2012 R2 Standard

Update from January 4, 2018 - KB4056894 (Monthly Rollup)
Applies to: Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1

 

 

 

© 2018 IKARUS Security Software GmbH