14Jan2018 – Updated with latest VMware Public KB and Intel Sightings info
I’m sure many of you have heard of the Intel CPU vulnerabilities and how they can impact x86 architectures – I have a feeling this is just the start of something larger too.
I’ve had many Providers reach out to me, very concerned about how this can impact a SP design, especially with virtualization.
To step back, I found this very simple depiction that was shared on Twitter that summarizes the two vulnerabilities – thank you Daniel Miessler (link to his blog article):
- There are three CVEs:
- CVE-2017-5715 (Spectre)
- CVE-2017-5754 (Meltdown)
- The patches made available by VMware should cover CVE-2017-5753 and CVE-2017-5715. Considering the patches were released earlier, you may very well be already patched.
- CVE-2017-5754 (or Meltdown) does not seem to affect ESXi, Workstation, and Fusion because ESXi does not run untrusted user mode code, and Workstation and Fusion rely on the protection that the underlying operating system provides. Thus, the underlying OS that should probably be patched for the vulnerability. Therefore, the following three links are for the first two CVEs only.
- BEFORE READING ANYTHING ELSE, PLEASE READ THIS KB: https://kb.vmware.com/s/article/52085
2018-0004 includes microcode updatesPULLED
- 14January2018 – Intel Sightings – PLEASE READ NEXT:
- If you have applied 2018-0004 – William Lam has written a nice blog and PowerCLI script to remove the new CPU Instructions. PLEASE review and follow: https://www.virtuallyghetto.com/2018/01/automating-intel-sighting-remediation-using-powercli-ssh-not-required.html
- Public KB Posted: https://kb.vmware.com/s/article/52245
- 9Jan2018 – New Security Advisory Posted: https://www.vmware.com/pl/security/advisories/VMSA-2018-0004.html
- Discusses updates for Hypervisor-Assisted Guest Remediation for speculative execution issue.
- Information on VMware appliances and any impact (VMware KB): https://kb.vmware.com/s/article/52264
- VMware’s Security and Compliance Blog VMSA-2018-0002: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html
- VMware Security Advisory Link: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- Security List Announcement: https://lists.vmware.com/pipermail/security-announce/2018/000397.html
Further information on Spectre and Meltdown on the newly created URL: https://meltdownattack.com/
As I see further information, I will continue to share – this impacts everyone and I have a feeling this is something we all will be dealing with for a long time.