Tier1Net would like to share the latest available information on the Spectre and Meltdown vulnerabilities. First and foremost, it is important to note that there are still no known exploits actively targeting the vulnerabilities.
Tier1Net’s preferred firewall vendor, Sonicwall, has confirmed it has deployed antivirus and intrusion prevent signatures which will protect against attempted Spectre and Meltdown attacks. These antivirus and IPS updates have already deployed to Tier1Net’s cloud and customer networks.
Tier1Net is actively tracking the status of patches as they are released. Once released Tier1Net will evaluate patches for stability before releasing them for install. A Tier1Net representative will contact you if it is determined that the installation of a particular patch requires manual intervention or a maintenance window. Tier1Net recommends that its customers take immediate action to update their iPhone and Android devices using the Knowledgebase articles documented below.
To review the status of patches being released please see the following vendor list.
Microsoft has already released patches for the latest version of Windows 10 as well as patches for its web browsers, Internet Explorer and Edge. With regards to older versions of Windows Microsoft will be releasing those patches this week. PCs and servers within Tier1Net managed networks will automatically receive the patches via Tier1Net’s Windows Update service.
PCs not managed by Tier1Net (for example, personal use and home PCs) will automatically receive patches as long as they have been enabled to receive updates via Microsoft’s Windows Update service. Please see the following for further information on enabling Microsoft’s Windows Update service: https://support.microsoft.com/en-us/help/12373/windows-update-faq
Apple has released iPhone iOS version 11.2.2 which includes code mitigating the Meltdown and Spectre vulnerabilities. Tier1Net recommends installing the updates as soon as possible. Please see the following KB detailing the steps required to update an iPhone’s iOS: https://tier1net.itglue.com/DOC-1500653-1490177
Google patched Android against Meltdown and Spectre in a January security update. The specific availability of this update is based on the Android device manufacturer’s approval of the update. Tier1Net recommends checking for and installing the most recent updates available as soon as possible. Please see the following KB detailing the steps required to update an Android device: https://tier1net.itglue.com/DOC-1500653-1490202
Google is also releasing an update for its Chrome web browser in the coming days which will obstruct attempts to exploit the Meltdown and Spectre flaws. Chrome will automatically install the latest available version when the browser is launched.
Mozilla has released an update for Firefox to mitigate against Meltdown and Spectre. The update will be installed automatically when the browser is launched.
VMware has released patches for its ESX hypervisor to address the Spectre and Meltdown vulnerabilities. The ESX hypervisor typically operates on server hardware and is responsible for running virtual instances of Windows servers. Tier1Net is in the process of evaluating these patches and will deploy them to its cloud and customer networks once patch stability has been fully confirmed.
There have also been reports of patches negatively impacting a device’s CPU performance once installed. The initial reports of the performance impacts may have been overstated with conflicting reports on observed performance impact. Microsoft has warned users of older PCs of a possible performance impact once patches are installed. Regarding servers, any impact to performance is load dependent and may be further reduced by a new discovery made by Google researchers.