Cisco released new security updates on Friday, two rated high severity and two medium severity, to address ASA, NX-OS and CPU side-channel vulnerablities that impact multiple products.
New variants of the side-channel central processing unit (CPU) hardware vulnerabilities (aka Meltdown/Spectre) have been discovered. The new variants dubbed 3A and 4 have been found by Microsoft and Google researchers.
Late last month, a new vulnerability dubbed “Total Meltdown” was discovered after Microsoft issued patches to fix the previous Meltdown vulnerabilities.
Intel released new details of availability for microcode updates that address the Meltdown and Spectre design flaws in Intel processors.
According to the company, Intel has stopped working on microcode updates for certain Intel processors as noted in the release.
Intel said the root cause of the reboot issues have been identified. To that end, the company said customers and partners should not install its current versions of Spectre/Meltdown patches rolled out earlier this month as they “may introduce higher than expected reboots and other unpredictable system behavior.”
Intel made an update yesterday to previously issued security advisory on the Spectre/Meltdown ‘speculation execution’ vulnerabilities that could cause information disclosure on systems running Intel processors.
Oracle has released its Critical Patch Update Advisory for January 2018. The update includes 237 new security fixes for multiple Oracle products to include Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities.
On the heels of recent Spectre and Meltdown vulnerabilities, the F-Secure security team has discovered a security issue in Intel’s Active Management Technology (AMT).
Microsoft issued January 2018 Security Updates that includes patches to fix 16 critical bugs in Microsoft products Office, Word and SharePoint.
Software and hardware vendors have issued advisories and fixes for “Spectre” (speculative execution side-channel attack) and “Meltdown” vulnerabilities, related to recently disclosed CPU processor design flaws.