Meltdown and Spectre Vulnerability Guidance.

On January 3rd 2018 researchers at Google’s Project Zero team announced vulnerabilities, dubbed Spectre and Meltdown, in modern computer processors (CPUs) which could allow an attacker to access sensitive data.

This is an inherent design flaw in the processors themselves, and as such the ultimate remediation is to replace the affected CPUs.

Details of the vulnerabilities are available from Google Project Zero at their site.

The UK’s National Cyber Security Centre has released guidance on how to handle the vulnerabilities and the US CERT provides a listing of all the vendor updates.

There are two websites dedicated to the vulnerabilities, Meltdown Attack and Spectre Attack.

A number of software vendors have released information updates and/or provided patches to their platforms to mitigate the risk posed by this vulnerability.

Note that some vendors have warned that applying their patches may degrade performance on the patched systems, because the patches change how the CPU manages processes.

Microsoft has provided guidance to protect against the vulnerabilities and has also issued its monthly patch earlier than expected.

Please note that various anti-virus vendors have announced they do not yet support the above patch, so check with your anti-virus vendor before applying it. This is a good list that you can also refer to in order to determine if your anti-virus vendor supports the patch.

Linux Operating Systems



  • Citrix has released information for their Citrix and Xen platforms

Details of updates to the issue from various cloud providers are available as follows:

Microsoft Azure

You should also contact your own hosting provider to ensure they have applied patches to any platforms that your systems may be hosted on.

Until affected hardware can be replaced we recommend that you make yourself familiar with the vulnerabilities and their potential impact on your systems.  You should make contact with your vendors to get their guidance and any available patches.

All patches should be thoroughly tested to determine if they impact performance or if there are any third-party compatibility issues, such as the conflicts with anti-virus software outlined earlier. Based on the results of that testing and a comprehensive risk assessment, we strongly recommend that the patches are applied.

Keep in mind that you may not be able to patch all affected systems in a timely fashion, so ensure you run regular reviews to detect any unpatched systems and then apply the patches.
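One way to run that review on Linux hosts, as an added example that is not part of the original guidance: kernels that carry the mitigations report their status under /sys/devices/system/cpu/vulnerabilities, and the script below classifies what it finds there. The function names and the `--host` switch are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: classify the kernel's own Meltdown/Spectre status report.
# Kernels without this sysfs directory predate the reporting interface.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STRING -> PATCHED, NOT_AFFECTED, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo PATCHED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# audit_cpu_vulns [DIR] -> one "name<TAB>verdict<TAB>raw" line per issue.
# Returns 0 only if every issue is PATCHED or NOT_AFFECTED.
audit_cpu_vulns() {
    local dir="${1:-$VULN_DIR_DEFAULT}"
    local rc=0 name raw verdict
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            raw=$(head -n 1 "$dir/$name")
            verdict=$(classify_status "$raw")
        else
            # No report from the kernel: flag the host for review
            # instead of assuming it is safe.
            raw="(no kernel report)"
            verdict=UNKNOWN
        fi
        printf '%s\t%s\t%s\n' "$name" "$verdict" "$raw"
        case "$verdict" in
            PATCHED|NOT_AFFECTED) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Audit the live host only when invoked as: ./script --host
if [ "${1:-}" = "--host" ]; then
    if audit_cpu_vulns; then
        echo "OK: kernel reports mitigations for all three issues"
    else
        echo "REVIEW: at least one issue is unmitigated or unreported"
    fi
fi
```

The non-zero return makes the function usable from a scheduled job or configuration-management check, so hosts that still need patching surface in the regular review.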

You should also configure your IDS/IPS systems to detect any suspicious traffic; some IDS/IPS vendors have issued updates to detect attacks against these vulnerabilities.

Regular monitoring of your systems for suspicious activity should be in place to detect a potential breach. Finally, you should review your incident response processes so that you are prepared in the event of a breach resulting from these vulnerabilities.
