UDTSecure Threat Advisory – ID: 1037993 – Meltdown and Spectre


CVE Reference: CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
Date: January 10th, 2018
Status: Confirmed
Fix Available: Yes (vendor dependent)
Impact: Hardware vulnerabilities present in modern processors allow programs to steal data (including passwords or other sensitive data) from the memory of the operating system and other running programs on a computer.
Security Rating: CRITICAL

Two critical vulnerability classes, dubbed Meltdown and Spectre, have been found to affect most modern computer processors. Each consists of multiple vulnerabilities that use side-channel attacks to read the contents of memory locations that should be inaccessible. Meltdown “melts” the security boundary between applications and the operating system that is normally enforced by hardware, while Spectre breaks the isolation between different applications. Both allow a malicious program to trick the operating system, or other applications, into leaking data, including passwords, secrets, or other sensitive information.

The Meltdown and Spectre attacks take advantage of flaws in most modern processors; specifically, they abuse the speculative execution and out-of-order execution of CPU instructions. Modern CPUs use these techniques to minimize wait time and improve performance, and the attacks recover data from side effects (such as cache state) left behind by instructions that were executed speculatively and then discarded. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. Patches for both Meltdown and Spectre have been made available for various devices and operating systems.

Affected Software:
Desktop, laptop, and cloud computers may be affected by Meltdown. Almost every Intel processor released since 1995 is affected by Meltdown. AMD processors may be susceptible to Meltdown, but this has not yet been demonstrated. Among ARM processors, only a limited subset of Cortex-A cores is at risk.

Almost every system is affected by Spectre, including desktops, laptops, cloud servers, and smartphones. All modern processors are potentially vulnerable, including Intel, AMD, and ARM.

Users should install updates and patches for affected products and hosts as soon as they become available. Firmware updates vary by vendor and model. In addition, most firmware updates must be installed directly on the system, which requires physical access and a reboot. Unless a known patch has been applied, assume that every device with a modern processor is vulnerable.
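Because the advisory's rule is "assume vulnerable until a known patch has been applied", the practical check on Linux is to read the kernel's own mitigation report. The script below is an added example, not part of the UDTSecure advisory; it assumes a kernel of 4.15 or later, which exposes one file per issue under /sys/devices/system/cpu/vulnerabilities/, and the sample directory it builds is constructed data rather than captured output.

```shell
#!/bin/sh
# Added example, not from the advisory: summarise the Linux kernel's mitigation
# report for the three CVEs above. Kernels since 4.15 expose one file per issue
# under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1,
# spectre_v2), each reading "Not affected", "Mitigation: ...", or "Vulnerable...".

# Classify one status string: prints ok, vulnerable, or unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo ok ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Report on a vulnerabilities directory (default: the live sysfs path).
# Returns 0 when all three issues are mitigated or not applicable, 1 when any
# is vulnerable or unreadable, 2 when the directory is missing (the kernel
# predates mitigation reporting, so treat the host as unpatched).
check_vulnerabilities() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no mitigation report at $dir; assume unpatched" >&2
        return 2
    fi
    fail=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ ! -r "$dir/$issue" ]; then
            echo "$issue unknown: file missing"; fail=1; continue
        fi
        status=$(cat "$dir/$issue")
        verdict=$(classify_status "$status")
        [ "$verdict" = ok ] || fail=1
        echo "$issue $verdict: $status"
    done
    return $fail
}

# Constructed sample (not real output): a host patched for Meltdown (KPTI)
# whose Spectre v2 mitigation is still missing, as seen before microcode and
# retpoline updates land. Prints the directory it created.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    echo "$d"
}
```

Run `check_vulnerabilities` with no argument on a live host, or `check_vulnerabilities "$(make_sample_dir)"` to see the exit status 1 produced by the constructed sample.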

Note that many of these updates carry a performance cost, and some workloads are affected more than others. Older processors are more likely to be impacted, as are Windows Server instances, especially I/O-intensive ones. Microsoft has advised customers to consider not applying the server firmware updates if they run no untrusted code, or if it is imperative that performance not be impacted, because “significant” performance impacts have been reported with the current updates.

In addition, continue to follow standard security best practices to minimize exposure: avoid suspicious e-mail attachments, documents, and websites; use long, complex passwords; and keep all software up to date with patches.

Underlying Affected Products:
All products that use modern CPUs are likely affected. We strongly recommend visiting each vendor’s website for the products and system components present in your environment and infrastructure to obtain more specific information on remediating these vulnerabilities.

Microsoft has released documents that cover both server and client versions of Windows; these and the other vendor references are listed below (link titles as published at the time of this advisory):

Company: Links
Intel: Security Advisory / Newsroom / Whitepaper
ARM: Security Update
AMD: Security Information
RISC-V: Blog
NVIDIA: Security Bulletin / Product Security
Microsoft: Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server)
Amazon: Security Bulletin
Google: Project Zero Blog / Need to know
Android: Security Bulletin
Apple: Apple Support
Lenovo: Security Advisory
IBM: Blog
Dell: Knowledge Base / Knowledge Base (Server)
HP: Vulnerability Alert
Huawei: Security Notice
Synology: Security Advisory
Cisco: Security Advisory
F5: Security Advisory
Mozilla: Security Blog
Red Hat: Vulnerability Response / Performance Impacts
Debian: Security Tracker
Ubuntu: Knowledge Base
SUSE: Vulnerability Response
Fedora: Kernel update
Qubes: Announcement
Fortinet: Advisory
NetApp: Advisory
LLVM: Spectre (Variant #2) Patch / Review __builtin_load_no_speculate / Review llvm.nospeculateload
CERT: Vulnerability Note
MITRE: CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754
VMWare: Security Advisory / Blog
Citrix: Security Bulletin / Security Bulletin (XenServer)
Xen: Security Advisory (XSA-254) / FAQ

If you believe you have been the subject of an attack, or you observe suspicious activity in e-mail or on your network, call us immediately at 1-800-882-9919 and ask to speak to one of our fully certified cybersecurity consultants.
