Advisory

Meltdown and Spectre Patches
Consolidated

Last Updated On: 06-08-2018

| SL. No. | Category | Impacted Platform & Version | Patch available: Meltdown (CVE-2017-5754) | Patch available: Spectre Variant 1 (CVE-2017-5753) | Patch available: Spectre Variant 2 (CVE-2017-5715) | Patch Details | Comments |
|---|---|---|---|---|---|---|---|
| 1 | Server / Desktop Operating System | Windows 10 | Yes | Yes | Yes | x64 version 1507 - KB4056893; x64 version 1511 - KB4056888; x64 version 1607 - KB4056890; x64 version 1703 - KB4056891; x64 version 1709 - KB4056892; x64 - KB4074596; 32-bit version 1511 - KB4074591; 32-bit version 1607 - KB4074590; 32-bit version 1703 - KB4074592 | Windows update that disables patches for the Spectre Variant 2 bug: x64 and x86 version 1709 - KB4078130; x64 and x86 version 1511 - KB4078130; x64 and x86 version 1607 - KB4078130; x64 and x86 version 1703 - KB4078130 |
| 2 | Server / Desktop Operating System | Windows 8 and Windows Server 2012 | Yes | Yes | Yes | Windows 8.1 and Server 2012 R2 - KB4056898 | Windows update that disables patches for the Spectre Variant 2 bug: Windows 8.1 and Server 2012 R2 - KB4078130 |
| 3 | Server / Desktop Operating System | Windows 7 and Windows Server 2008 | Yes | Yes | No | Windows 7 SP1 and Server 2008 R2 SP1 - KB4056897; Windows 7 SP1 and Server 2008 R2 SP1 - KB4056894 | Windows update that disables patches for the Spectre Variant 2 bug: Windows 7 SP1 and Server 2008 R2 SP1 - KB4078130 |
| 4 | Server / Desktop Chipset | AMD | Yes | Yes | No | KB4073578 for Windows 7 SP1 and Windows Server 2008 R2 SP1; KB4073576 for Windows 8.1 and Windows Server 2012 R2 | Microsoft has received reports of PCs running AMD processors not booting after installing the latest Windows security update. As a solution, Microsoft has released new patches that appear to apply specifically to AMD devices. |
| 5 | Mobile Operating System | macOS and iOS | Yes | No | No | Patches are available for: macOS High Sierra 10.13.3; Safari 11.0.2; iOS 11.2.2; macOS High Sierra 10.13.2; iOS 11.2.5; Security Update 2018-001 Sierra; Security Update 2018-001 El Capitan | |
| 6 | Application | Chrome | No | Yes | Yes | Turn on site isolation option | Google has announced it will be including mitigations for Spectre starting with Chrome 64, which will be released on or around January 23. In the meantime, Chrome users are advised to turn on site isolation, which can help prevent a site from stealing data from another site. |
| 7 | Application | Firefox | No | Yes | Yes | Firefox version 57.0.4 | |
| 8 | Application | Safari | No | Yes | Yes | Safari 11.0.2 | |
| 9 | Application | IE and Edge | No | Yes | Yes | Internet Explorer 11 and Microsoft Edge update | |
| 10 | Server / Desktop Chipset | Intel | Yes | Yes | Yes | Updates available for Meltdown; Updates available for Spectre (KB4090007) | KB4090007 (patch for Spectre Variant 2) is only available for Windows 10 version 1709 (Fall Creators Update) and Windows Server version 1709 (Server Core). The update package is for Intel Skylake CPU owners only. |
| 11 | Server / Desktop Chipset | IBM | Yes | Yes | Yes | Firmware patches for POWER7+, POWER8, and POWER9 platforms are all currently available via FixCentral | The company says Power7 patches will be available February 7. In addition, it estimates IBM i operating system patches (also available via FixCentral) will finish rolling out on February 12, and AIX patches will be available starting January 26. |
| 12 | Server / Desktop Operating System | CentOS | Yes | Yes | Yes | Patches are available | |
| 13 | Server / Desktop Operating System | Citrix | No | No | Yes | Patches are available | |
| 14 | Server / Desktop Operating System | Red Hat | Yes | Yes | No | RHSA-2018:0008; RHSA-2018:0012; RHSA-2018:0013; RHSA-2018:0014 | Red Hat is going to release updates that revert previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715). |
| 15 | Server / Desktop Operating System | SUSE | No | No | Yes | Patches are available | |
| 16 | Server / Desktop Operating System | Ubuntu | Yes | Yes | Yes | Patches are available | Affected products: Ubuntu 17.10 (Artful) - Linux 4.13 HWE; Ubuntu 16.04 LTS (Xenial) - Linux 4.4 (and 4.4 HWE); Ubuntu 14.04 LTS (Trusty) - Linux 3.13; Ubuntu 12.04 ESM** (Precise) - Linux 3.2 |
| 17 | Virtual Machine Operating System | VMware | No | Yes | Yes | Patches are available for VIC product, and workarounds are made available for UM, vIDM, vCSA, and vRA. | Affected products: VMware vSphere ESXi (ESXi); VMware Workstation Pro / Player (Workstation); VMware Fusion Pro / Fusion (Fusion) |
| 18 | Server / Desktop Chipset | Dell | Yes | Yes | No | Updates are available | BIOS updates are available for some Dell desktop, notebook, and server products. The Dell security advisory contains several other links to various product types. |
| 19 | Server / Desktop Chipset | Fujitsu | Yes | Yes | Yes | Updates are available | BIOS updates are available for some products, but not all. The security advisory contains multiple links to various product types. |
| 20 | Server / Desktop Chipset | Gigabyte | Yes | Yes | Yes | Updates are available | Motherboard provider Gigabyte has released BIOS updates. Users will have to access the advisory, click on the motherboard series name in the table of affected products, and check for a recent BIOS update on each motherboard product's page. |
| 21 | Server / Desktop Chipset | HP | Yes | Yes | No | Updates are available | BIOS updates are available for almost half of the HP products listed as vulnerable. |
| 22 | Server / Desktop Chipset | Lenovo | Yes | Yes | Yes | Updates are available | Lenovo has detailed tables for all affected products, including download links and upcoming BIOS download availability for each one. |
| 23 | Mobile Operating System | Android | Yes | Yes | Yes | Patches are available | Supported Nexus and Pixel devices with the latest security update are protected. |
| 24 | Application | Opera | Yes | No | No | Patches are available | |
| 25 | Server / Desktop Chipset | Oracle X86 Servers | No | No | Yes | Patches are available | |
| 26 | Virtual Machine Operating System | Oracle VM VirtualBox | No | No | Yes | Patches are available | |
| 27 | Server / Desktop Operating System | Debian | Yes | Yes | Yes | Patch available for Meltdown; Patch available for Spectre Variant 1; Patch available for Spectre Variant 2 | |
| 28 | Cloud Computing Platform | Amazon Web Services (AWS) | Yes | No | Yes | Patches are available | Amazon AWS is facing a noticeable slowdown on cloud server instances on deployment of the security patch. |
| 29 | Database Management System | SQL Server | Yes | Yes | Yes | SQL Server 2017 GDR; SQL Server 2017 RTM CU3; SQL Server 2016 SP1; SQL Server 2016 GDR SP1; SQL Server 2016 CU; SQL Server 2016 GDR; SQL Server 2014 SP2 CU10; SQL Server 2014 SP2 GDR; SQL Server 2012 SP4 GDR; SQL Server 2012 SP3 GDR; SQL Server 2012 SP3 CU; SQL Server 2008 SP4 GDR; SQL Server 2008 R2 SP3 GDR | |
| 30 | Server / Desktop Operating System | IBM AIX & VIOS | Yes | Yes | Yes | Patches available for AIX 5.3 (64-bit kernel), 6.1, 7.1, 7.2 and VIOS 2.2.x | |
| 31 | Server / Desktop Chipset | ARM | Yes | Yes | Yes | Updates are available | Kernel patches are available at https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=kpti; Arm Trusted Firmware is available at https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6; Arm Trusted Firmware is available at https://github.com/ARM-software/arm-trusted-firmware/wiki/Trusted-Firmware-A-Security-Advisory-TFV-7 |
| 32 | Server / Desktop Operating System | IBM i | Yes | Yes | Yes | Patches are available for IBM i 7.1, 7.2 and 7.3 | |
| 33 | Server / Desktop Chipset | Siemens | Yes | Yes | Yes | Updates are available | |
| 34 | Server / Desktop Chipset | Synology DiskStation Manager | - | Yes | - | Updates are available | |
| 35 | Server / Desktop Chipset | Dell EMC | Yes | Yes | No | Updates are available | |
| 36 | Server / Desktop Chipset | Fortinet, Inc. | Yes | Yes | Yes | Updates are available | |
| 36 | Server / Desktop Chipset | Hitachi | Yes | Yes | Yes | Updates are available | |