it.ucsf.edu

Security Update:Meltdown and Spectre Side-Channel Vulnerabilities

Status Type

Security Update

Date and Time

Thursday, January 4, 2018 - 16:44

Reason

Security Update

Impact

modern CPU microprocessors

WHAT HAPPENED?

 

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of set of security vulnerabilities—known as Meltdown(link is external) and Spectre(link is external)— that affect modern computer processors.

 

Advanced Users:

  • NCCIC encourages users and administrators to refer to their OS vendors for the most recent information. However, the table provided below lists available patches. Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases.

AVAILABLE UPDATES FOR:

 
The following table contains links to patch information published in response to the vulnerabilities.
Link to Vendor Patch Information Date Added
Amazon(link is external) January 4, 2018
AMD(link is external) January 4, 2018
Android(link is external) January 4, 2018
ARM(link is external) January 4, 2018
CentOS January 4, 2018
Chromium January 4, 2018
Citrix(link is external) January 4, 2018
F5(link is external) January 4, 2018
Google(link is external) January 4, 2018
Huawei(link is external) January 4, 2018
IBM(link is external) January 4, 2018
Intel(link is external) January 4, 2018
Lenovo(link is external) January 4, 2018
Linux January 4, 2018
Microsoft Azure(link is external) January 4, 2018
Microsoft Windows(link is external) January 4, 2018
NVIDIA(link is external) January 4, 2018
OpenSuSE January 4, 2018
Red Hat(link is external) January 4, 2018
SuSE(link is external) January 4, 2018
Trend Micro(link is external) January 4, 2018
VMware(link is external) January 4, 2018
Xen January 4, 2018
 

 

WHAT'S THE PROBLEM?

 

Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

 

HOW DO I PROTECT MY COMPUTER?

Update your software

  1.  If you are supported by ITFS or have different IT support, no action on your part is required. 
  2. If you do not have IT support or they do not support your computer:
  • Update SEP
  • refer to their OS vendors for the most recent information