Vendors Rush to Issue Security Updates for Meltdown, Spectre Flaws

Wondering what to do in the wake of the revelation of newly discovered critical design flaws in most modern microprocessors? Security experts say the best bet is to apply patches for the side-channel attack vulnerabilities, which were disclosed this week. 

The vulnerabilities impact a wide number of products from numerous vendors, though not always with the same level of severity. Also impacted are servers, and in many cases the underlying infrastructure hosting cloud services. Vendors and security analysts have urged all organizations and customers to apply patches, OS updates, and other workarounds as soon as they become available, regardless of the severity of impact.

"Generally speaking, the patches to fix this move the balance back towards security," said Paul Ducklin, senior security advisor at Sophos.

The catch, however is that some of the fixes could reduce performance a bit, he said.  "Sometimes, the price of security progress is a modicum of inconvenience. In this case, the updates might slow you down a tiny bit, but think of it as being for the greater good of all," he noted.

Here's a rundown of vendors that have released, or are working on, patches for the vulnerabilities, aka Meltdown and Spectre.

Intel

Intel has acknowledged the issue but said it doesn't believe the exploits have the potential to corrupt, modify, or delete data. The processor vendor claimed that many computing devices from other vendors are susceptible to the same so-called speculative execution side-channel attacks.

Read the rest of this article on Dark Reading.