Processor Vulnerabilities – Meltdown and Spectre

Jimmy Graham

Last updated on: September 6, 2020

UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities. UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress.

Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google Project Zero. These vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715). Organizations should inventory their systems by processor type, apply vendor patches as they become available, and track their progress. This article describes how Qualys can help in all three areas.

Meltdown allows any application to access all system memory, including memory allocated for the kernel. Mitigation for this vulnerability will require operating system patches and potentially firmware updates. Patches for this vulnerability may have a performance impact on systems. So far, only Intel chips and one ARM processor have been shown to be vulnerable. ARM has also discovered another variant (3a), which is similar to Meltdown and impacts several more of their processors.

Spectre allows an application to force another application to access arbitrary portions of its memory, which can then be read through a side channel. This vulnerability will require microcode updates in order to fully mitigate, in addition to software patches. According to Google Project Zero, this vulnerability impacts Intel, AMD, and ARM chips.

Mitigations

Microsoft has issued patches for all supported versions of Windows. Microsoft has also issued a guidance document for mitigations on client devices, and another for Windows servers. Please note that the patches released by Microsoft may be incompatible with certain antivirus software.

Microcode updates have been released by Intel to mitigate Spectre, and several Linux distributions have packaged the microcode in standard OS patches. It is not yet known if Microsoft will release microcode updates via Windows Update. Hardware vendors are expected to release the new microcode in the form of BIOS updates.

MacOS 10.13.2 mitigates some of the disclosed vulnerabilities, but MacOS 10.13.3 will enhance or complete these mitigations.

Processor vendor links:

  • https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
  • https://www.amd.com/en/corporate/speculative-execution
  • https://developer.arm.com/support/security-update

Other software vendor patches:

  • https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
  • https://access.redhat.com/security/vulnerabilities/speculativeexecution
  • https://www.suse.com/support/kb/doc/?id=7022512

Customers with Qualys Vulnerability Management

Qualys has released several QIDs that detect missing patches for these vulnerabilities across several operating systems. A list of currently released QIDs is being maintained in this Qualys Support article. The QIDs are supported by both authenticated scanning and the Qualys Cloud Agent.

To determine processor type, you can search the results of these QIDs:

  • QID 43113 : Processor Information for Windows Target System
  • QID 43110 : Apple Macintosh Processor Architecture
  • QID 115048 : Processor Information for Unix Target
  • QID 45177 : Processor Information for Solaris Target

The Qualys Cloud Agent can be used to determine processor types by searching with AssetView on the processors.description field like this:

processors.description:intel or processors.description:amd

The results can also be grouped by processor type.

Get Started Now

To start detecting and protecting against critical vulnerabilities, get a Qualys Suite trial. All features described in this article are available in the trial.

Comments

How about VIA eden series?

The VIA Eden (C3/C7) processors do not have out-of-order execution, so no, they cannot be vulnerable to this issue. The problem needs the processor to execute instructions before it knows for certain that it needs to; if it eventually finds that it shouldn’t have executed those instructions, it throws away the results. The problem is that there are remaining traces that it did actually execute the instruction.

Thanks a lot for the comment, Robert! So I guess my VIA Epia M with C3 CPU is not vulnerable. Thanks a lot.

Ravindra Bhandari asked a question.

Is anyone aware of what QIDs or signatures have been released for checking Spectre and Meltdown? (Refer to https://blog.qualys.com/securitylabs/2018/01/03/processor-vulnerabilities-meltdown-and-spectre for more details.)

Robert Dell'Immagine (Qualys)

Regarding the issue reported in this thread with Windows QIDs (note: community members are reporting that it now works as expected), here is some insight:

- The Windows QIDs are in Vulnerability Signature Version: 2.4.234-3 and above. The first thing to do is to always check your signature version in your subscription at Help -> About.  And I'm sure many people already know that, but it's good to reinforce the basics.

- Also, there can be a delay of up to a few hours for the scanners to poll the Qualys SOC and download the new signatures. Please keep this in mind.

- It appears the above (especially the polling delay) were the cause of the reported (false negative) issue.

In addition, there is a separate change that is independent of the above: later today we are publishing a change to the Windows QIDs based on new information from Microsoft. The change should fix an issue where we were seeing some false positives. Details of this change will be added to the QID Changelog, which users can see in the details of the relevant QIDs in the KnowledgeBase.

Here is Spectre and Meltdown . 

Windows 10 Fall Creators Update is receiving KB4056892 (Build 16299.192)

Is there a text or CSV version of this list?

You can create the list by searching "Spectre" in the KnowledgeBase. You can then download a CSV version by clicking New -> Download. 

This Support article also lists the relevant QIDs for Meltdown and Spectre:

Debra M. Fezza Reed (Qualys, Inc)

darin.lory, below are the steps to produce a list of QIDs associated with Spectre/Meltdown for download to CSV (as you requested above). Please keep in mind, using a dynamic search list is always best and returns the most current VulnSig results. There's a quick video you can view on how to create dynamic search lists. In the video, the moderator refers to reporting, but the same applies to targeted scanning as well: Filter Your Reports Using Search Lists | Qualys, Inc. Please let us know if you have any questions.

  • Log into Qualys and navigate to Knowledge Base > Click the "Search" button on the left. (1)
  • Paste the following into the search window, next to CVE ID:  CVE-2017-5715, CVE-2017-5753, CVE-2017-5754,  then click "Search".  (2 & 3)
  • Then click "New" in the upper left, followed by "Download".  (4 & 5)
  • A new window will pop-up, select CSV (or XML) and then click "Download".  (6 & 7)

0_17205_pastedImage_5.png

Abner Almeida

So far, only QIDs for Red Hat, Suse and VMware ESXi. Any news on QIDs for windows systems?

Any update on when windows QIDs will be available?

Craig Kagawa

Windows QIDs will be available tonight. They will be part of release version VULNSIGS-2.4.234-3.

Thanks Craig!

Daniel Crookes

Are these Windows QIDs working for anyone yet? Our signatures are updated, and we also run the cloud agent, but nothing being flagged for these QIDs so far.

Ravindra Bhandari

Even I tried; it doesn't result in any findings as of now.

It seems some work is still needed on those QIDs. Scanning the entire estate will be useless until we get it working on some smaller set.

Chris Johnson

Same here, no assets found using the new QID. I'm running the cloud agent if that helps.

Support and our signatures teams are investigating the issues reported in this thread, and we'll update when we have info.

I've re-launched some scans and, now, QIDs 91426, 91423 and 100326 seem to be working fine

Chris Jones

Unless I'm mistaken, the QIDs now exist - 91423, 91424, 91425 and 91426. A more comprehensive list can be seen in a search as detailed by Robert. However, we are still showing as "No assets affected", which is worrying as we know we need the updates as well as all the other bits referred to by Microsoft.

Currently you can find 45 QIDs for it.

How to create a report to see hosts for CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754? Asset Search is not an option because of 20+ QIDs.

Ian Glennon (Qualys)

You can create a Search List, either Dynamic or Static, which includes only those QIDs.  That can be used in a Report Template to constrain the report to only those QIDs in the Search List.

Ian, is there any word from Qualys on the Windows QID detections working or not? Is there a recognised issue with them or are the people reporting here facing another issue? Thanks.

It's not something I have visibility of so unfortunately I can't really comment.

Thank you Ian. I'm going with Dynamic Search List definitely.

Alternatively you should also be able to do an asset search with the following format, adding in as many QIDs you want:

vulnerabilities.vulnerability:(qid:91345 or qid:91360)

The above search string was taken from the pre-built "WannaCry Shadow Brokers" dashboard.

Yeah... I was trying to use query

vulnerabilities.vulnerability.cveIds:CVE-CVE-2017-5715 or vulnerabilities.vulnerability.cveIds:CVE-2017-5753 or vulnerabilities.vulnerability.cveIds:CVE-2017-5754

in AssetView module, but it returned less hosts than Asset Search report from Vulnerability Management.

I'm thinking we all have multiple ways of searching for our exposure to these vulnerabilities by QID, CVE and probably more but how many people are experiencing a ZERO Assets affected yet they know for certain (As we do here) that we are vulnerable to it?

Zero hosts are found with that query. Seems like asset view is not working properly or hasn't been updated for the Spectre QIDs. The hosts do show the QID's when performing a vulnerability scan though.

One of the Microsoft QIDs (91423) has different CVEs than all the rest of the Spectre/Meltdown QIDs. This is why my Dynamic SL for each CVE is not picking it up. I created another one that searches for ADV180002 in the Title field as this will pick them all up. Yes, there will be duplicates as other MS QIDs do not have this typo, but I'd rather have that than miss one or more.

Also, if you want a quicker scan I have had luck with doing a targeted port scan with Auth included on TCP ports 22,445,137,139,80,443 only and am getting back all the current Meltdown/Spectre QID's that I would with a standard port scan so far. I don't have VMware authentication so I need the web ports to pull the version/build from the web interface but if you have VMware Auth you may not need those but can't confirm. So a scan containing 4 SL's 1 for each CVE then 1 for the MS Bulletin with only above ports w/ Auth gets you all the relevant QID's with a much faster turnaround time. Hope this helps!
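An added example (not part of the thread and not Qualys code) that turns a KnowledgeBase CSV download into the asset-search string format quoted earlier in the thread, and shows why selecting by CVE alone can miss a QID whose CVE field differs, as reported above for QID 91423. The column names `QID`, `Title` and `CVE ID`, the helper names, and every sample row are assumptions constructed for illustration.

```python
import csv
import io

# CVE IDs and bulletin name exactly as they appear on this page.
TARGET_CVES = frozenset({"CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"})
BULLETIN = "ADV180002"

# Constructed sample export. Column names are an assumption about the CSV
# layout; titles are made up. QID 99999 and the CVE-0000-* values are
# placeholders, not real identifiers. The 91423 row models the mismatch
# reported in the thread: the right bulletin in the title, other CVEs.
SAMPLE_CSV = '''QID,Title,CVE ID
91426,Constructed Windows update title (ADV180002),"CVE-2017-5753, CVE-2017-5715, CVE-2017-5754"
91423,Constructed Windows update title (ADV180002),CVE-0000-0001
100326,Constructed browser update title,"CVE-2017-5753,CVE-2017-5715"
99999,Constructed unrelated title,CVE-0000-0002
'''


def parse_cves(field):
    """Split a CVE cell into a normalized set; tolerate ',' or ';' separators."""
    return {c.strip().upper() for c in field.replace(";", ",").split(",") if c.strip()}


def select_qids(csv_text, cves=TARGET_CVES, title_marker=BULLETIN):
    """Return (QIDs matched by CVE, QIDs matched by bulletin name in the title)."""
    by_cve, by_title = set(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        qid = int(row["QID"])
        if parse_cves(row["CVE ID"]) & cves:
            by_cve.add(qid)
        if title_marker.lower() in row["Title"].lower():
            by_title.add(qid)
    return by_cve, by_title


def asset_query(qids):
    """Build a search string in the format quoted in the thread."""
    if not qids:
        raise ValueError("no QIDs selected; refusing to build an empty query")
    terms = " or ".join(f"qid:{q}" for q in sorted(qids))
    return f"vulnerabilities.vulnerability:({terms})"


def coverage_report(csv_text):
    """Compare CVE-only selection with CVE-plus-title selection."""
    by_cve, by_title = select_qids(csv_text)
    return {
        # QIDs a CVE-only search list would silently leave out.
        "missed_by_cve_only": sorted(by_title - by_cve),
        # The union covers both selection methods, with duplicates removed.
        "query": asset_query(by_cve | by_title),
    }


if __name__ == "__main__":
    report = coverage_report(SAMPLE_CSV)
    print("Missed by CVE-only selection:", report["missed_by_cve_only"])
    print(report["query"])
```

Comparing the two selections before scanning makes a metadata mismatch visible as a non-empty `missed_by_cve_only` list instead of as an unexplained gap in results.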

Jimmy Graham (Qualys Inc)

The CVEs should be fixed now.

Just tested with one host after running a scan against that host and asset View is showing the results.

I'm seeing results now running the same query in Asset search with the cloud agents, but right now only servers are reporting back. I will give it 4 more hours to see if I start seeing more results.

vulnerabilities.vulnerability.title: spectre

Meltdown - Windows:   

vulnerabilities.vulnerability.cveIds:CVE-2017-5754 and operatingSystem:Windows

Spectre - Windows:   

vulnerabilities.vulnerability.cveIds:(CVE-2017-5753 or CVE-2017-5715) and operatingSystem:windows

Shyam (Qualys)

Adding to the suggestions posted earlier, Qualys just released an out-of-the-box AssetView dashboard to visualize Spectre and Meltdown vulnerabilities in your environment.

More on it here:  Visualizing Spectre and Meltdown: How to Configure Dashboards in AssetView

I just ran another scan for my Windows assets; however, the result is the same: no host found vulnerable. This is strange. None of the 5 Windows QIDs are triggering anything. My scanner is on the latest signature, 2.4.234-7. So despite 55 signatures, no Windows detection yet.

Surprisingly the cloud agents are able to detect this but vulnerability scanner is failing.

Anyone else observed similar behavior....

Sounds like authentication could be an issue. Did you launch the scan as an authenticated scan?

If yes, please run an authentication report (Reports > Reports > New > Authentication Report) to verify that authentication was successful.

No difference, authentication passed but scan reports are empty only.

My list selected using 3 CVE ID which now have 55 QID however for Microsoft patches it still zero results.

Looks like there is a requirement to manually address server regkeys on top of patching efforts:

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution  

Does it apply for all Windows Server versions? Or only 2008?

To my reading, this article,  https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution , indicates other versions as well.

How is Qualys performing these checks for each CVE and QID, exactly?

I'm asking because we've got some cases in which our Windows team applied the patches and Qualys still detects the server as vulnerable. For example, this server:

0_17212_pastedImage_1.png

For this QID, the description is:

1_17213_pastedImage_2.png

Our Windows team applied the KB4056897.

But Qualys still detects this server as vulnerable, as shown in the first picture.

And, in fact, both those Registry Keys don't exist in the server, as follows:

2_17214_pastedImage_3.png

So, the patch is applied, and the server is still vulnerable?

We are happy to assist with the false positive inquiry. Please open a support case, via  Contact Support - Technical Assistance Inquiry Form | Qualys, Inc. , with the details shared in your post along with authenticated scan results for an example host. 

tsyst_aa4 :  Please be advised applying the MS patches to Windows Server is only one step in the process of correction.  The MS patches do not create the registry entries required to remediate this vulnerability.

I strongly recommend reading:

  • Processor Vulnerabilities – Meltdown and Spectre
  • January Patch Tuesday – Meltdown/Spectre, 16 Critical Microsoft Patches, 1 Adobe Patch
  • Webcast: Avoid Meltdown from the Spectre | Qualys, Inc.
  • Meltdown / Spectre Mitigation Is a Work in Progress
  • Meltdown/Spectre and Qualys Cloud Platform

Monitoring your potential exposure:

  • Visualizing Spectre/Meltdown Impact and Remediation Progress  

avoid-meltdown-from-the-spectre---qualys-webcast---jan-17-2018_updated-011718_364727.pdf

Seems VMware updated their list of vulnerable/non-vulnerable:

VMware Knowledge Base  

Is Qualys going to update their QID's accordingly?

What about Qualys physical scanners/appliances? Are they also vulnerable for Spectre and Meltdown?

Physical scanner appliances are not vulnerable to Spectre/Meltdown; virtual scanner appliances should be patched per vendor recommendations.  See details at Meltdown/Spectre and Qualys Cloud Platform .

Mahmut Faruk Dag

Hello, are these (all Spectre/Meltdown) QIDs authenticated or not? Is there a possibility to find those vulns without authentication?

mahmutfdag : 

As of the writing of this response, all of the QIDs associated with Spectre/Meltdown do indeed require authenticated scanning, because of the file types that must be assessed to confirm whether or not the vulnerability exists.

Unauthenticated scanning will not report the QIDs associated with Spectre/Meltdown due to the nature of the detection requirements. However, unauthenticated scan results still have value for manual assessment for Spectre/Meltdown by querying the processor information. For additional information, please visit Processor Vulnerabilities – Meltdown and Spectre.

Spectre/Meltdown CVEs: CVE-2017-5754, CVE-2017-5753, CVE-2017-5715

Qualys Response to Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715)

Processor Vulnerabilities – Meltdown and Spectre

Description.

UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities. UPDATE 1/5/2018: [Pre-built AssetView dashboards](<https://blog.qualys.com/technology/2018/01/05/visualizing-spectre-meltdown-impact-and-remediation-progress>) to visualize impact and remediation progress.

Vulnerabilities potentially impacting all major processor vendors were [disclosed today](<https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html>) by Google Project Zero. These vulnerabilities have been named [Meltdown](<https://meltdownattack.com/>) (CVE-2017-5754) and [Spectre](<https://spectreattack.com/>) (CVE-2017-5753 & CVE-2017-5715). Organizations should inventory their systems by processor type, apply vendor patches as they become available, and track their progress. This article describes how Qualys can help in all three areas.

### Overview

Meltdown allows any application to access all system memory, including memory allocated for the kernel. Mitigation for this vulnerability will require operating system patches and potentially firmware updates. Patches for this vulnerability may have a performance impact on systems. So far, only Intel chips and one ARM processor have been shown to be vulnerable. ARM has also discovered [another variant](<https://developer.arm.com/support/security-update>) (3a), which is similar to Meltdown and impacts several more of their processors.

Spectre allows an application to force another application to access arbitrary portions of its memory, which can then be read through a side channel. This vulnerability will require microcode updates in order to fully mitigate, in addition to software patches. According to Google Project Zero, this vulnerability impacts Intel, AMD, and ARM chips.

### Mitigations

Microsoft has [issued patches](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002>) for all supported versions of Windows. Microsoft has also issued a [guidance document](<https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe>) for mitigations on client devices, and [another](<https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution>) for Windows servers. Please note that the patches released by Microsoft may be [incompatible](<https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released>) with certain antivirus software.

Microcode updates have been [released by Intel](<https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/>) to mitigate Spectre, and several Linux distributions have packaged the microcode in standard OS patches. It is not yet known if Microsoft will release microcode updates via Windows Update. Hardware vendors are expected to release the new microcode in the form of BIOS updates.

MacOS 10.13.2 mitigates some of the disclosed vulnerabilities, but MacOS 10.13.3 will enhance or complete these mitigations.

Processor vendor links:

* <https://newsroom.intel.com/news/intel-responds-to-security-research-findings/>
* <https://www.amd.com/en/corporate/speculative-execution>
* <https://developer.arm.com/support/security-update>

Other software vendor patches:

* <https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html>
* <https://access.redhat.com/security/vulnerabilities/speculativeexecution>
* <https://www.suse.com/support/kb/doc/?id=7022512>

### Customers with Qualys Vulnerability Management

Qualys has released several QIDs that detect missing patches for these vulnerabilities across several operating systems. A list of currently-released QIDs is being maintained in this [Qualys Support article](<https://qualys.secure.force.com/articles/How_To/000002746>). The QIDs are supported by both authenticated scanning and the [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>).

To determine processor type, you can search the results of these QIDs:

* QID 43113 : Processor Information for Windows Target System
* QID 43110 : Apple Macintosh Processor Architecture
* QID 115048 : Processor Information for Unix Target
* QID 45177 : Processor Information for Solaris Target

The [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>) can be used to determine processor types by searching with AssetView on the processors.description field like this:

processors.description:intel or processors.description:amd

The results can also be grouped by processor type:

![](https://blog.qualys.com/wp-content/uploads/2018/01/Screen-Shot-2018-01-03-at-6.13.44-PM.png)

### Get Started Now

To start detecting and protecting against critical vulnerabilities, get a [Qualys Suite trial](<https://www.qualys.com/forms/trials/suite?utm_source=blog&utm_medium=website&utm_campaign=demand-gen&utm_term=petya-q2-2017&utm_content=trial&leadsource=344554400>). All features described in this article are available in the trial.

Security Bulletin: Aspera Products and the Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

Security Bulletin: PowerKVM has released updates in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Security Access Manager Appliance has released a fix in response to the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM Spectrum Protect Plus has released instructions for obtaining an update in response to the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM Security Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM PurePower Integrated Manager has released instructions in response to the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM QRadar Network Security has released fixpack in response to the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM QRadar SIEM has released 7.3.1 Patch 4, and 7.2.8 Patch 13 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM MessageSight V1.2 has released 1.2.0.3-IBM-IMA-IFIT24219 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Resilient recommends the underlying operating system on Resilient servers be upgraded in response to the vulnerabilities known as Spectre and Meltdown (CVE-2017-5753,CVE-2017-5715 CVE,CVE-2017-5754)

Action required for IBM MQ on AWS Quick Start for security vulnerabilities in Ubuntu.

Security Bulletin: IBM Security Identity Governance and Intelligence has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM QRadar Network Packet Capture has released 7.3.1 Patch 1, and 7.2.8 Patch 1 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM StoredIQ has released Interim Fix 7.6.0.14-IBMStoredIQ_IF001 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Security QRadar Packet Capture has released 7.3.1 Patch 1, and 7.2.8 Patch 4 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Security Guardium has released patch in response to the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Cloud Private has released a patch in response to the vulnerabilities known as Spectre and Meltdown(CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754)

Security Bulletin: IBM Security SiteProtector Appliance has released firmware 1. 26 (for SP3001) and firmware 2.13 (for SP4001) in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Security Directory Suite has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Master Data Management on Cloud is affected by vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM StoredIQ for Legal has released Interim Fix 2.0.3.3-IBM-SIQ4L-IF001 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as Spectre and Meltdown

Security Bulletin: IBM Security Privileged Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.

RHEL 6 : kernel (RHSA-2018:0512) (Meltdown) (Spectre)

NVIDIA Linux GPU Display Driver 384.x < 384.111 / 390.x < 390.12 Multiple Vulnerabilities (Meltdown)(Spectre)

Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-006)

EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2019-1637)

NVIDIA Windows GPU Display Driver 384.x / 385.x / 386.x < 386.07 / 390.x < 390.65 Multiple Vulnerabilities (Meltdown)(Spectre)

Ubuntu 17.10 : Linux kernel vulnerabilities (USN-3597-1) (Meltdown) (Spectre)

RHEL 7 : kernel (RHSA-2018:0182) (Meltdown) (Spectre)

RHEL 7 : kernel (RHSA-2018:0009) (Meltdown) (Spectre)

Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3541-2) (Meltdown) (Spectre)

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1002)

AIX 6.1 TL 9 : spectre_meltdown (IJ03030) (Meltdown) (Spectre)

Ubuntu 17.10 : linux vulnerabilities (USN-3541-1) (Meltdown) (Spectre)

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0069-1) (Meltdown) (Spectre)

AIX 7.1 TL 5 : spectre_meltdown (IJ03033) (Meltdown) (Spectre)

AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)

EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1236)

RHEL 6 : kernel (RHSA-2018:0011) (Meltdown) (Spectre)

Ubuntu 16.04 LTS : linux, linux-aws, linux-euclid vulnerabilities (USN-3540-1) (Meltdown) (Spectre)

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1001)

Virtuozzo 7 : crit / criu / criu-devel / ksm-vz / libcompel / etc (VZA-2018-003)

RHEL 6 : kernel (RHSA-2018:0496) (Meltdown) (Spectre)

Scientific Linux Security Update : kernel on SL7.x x86_64 (20180103) (Meltdown) (Spectre)

OracleVM 3.4 : xen (OVMSA-2018-0006) (Meltdown) (Spectre)

AIX 7.1 TL 4 : spectre_meltdown (IJ03032) (Meltdown) (Spectre)

RHEL 7 : kernel-rt (RHSA-2018:0016) (Meltdown) (Spectre)

RHEL 6 : kernel (RHSA-2018:0020) (Meltdown) (Spectre)

F5 Networks BIG-IP : Side-channel processor vulnerabilities (K91229003) (Meltdown) (Spectre)

AIX 7.2 TL 0 : spectre_meltdown (IJ03034) (Meltdown) (Spectre)

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0114-1) (Meltdown) (Spectre)

RHEL 7 : rhvm-appliance (RHSA-2018:0045) (Meltdown) (Spectre)

RHEL 6 : kernel (RHSA-2018:0008) (Meltdown) (Spectre)

OracleVM 3.2 : xen (OVMSA-2018-0029) (Meltdown) (Spectre)

CentOS 7 : kernel (CESA-2018:0007) (Meltdown) (Spectre)

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-002)

AIX 7.2 TL 1 : spectre_meltdown (IJ03035) (Meltdown) (Spectre)

Xen Multiple Vulnerabilities (Spectre) (Meltdown) (XSA-254)

Oracle Linux 6 : kernel (ELSA-2018-0512) (Meltdown) (Spectre)

RHEL 6 : kernel (RHSA-2018:0017) (Meltdown) (Spectre)

RHEL 6 / 7 : rhev-hypervisor7 (RHSA-2018:0046) (Meltdown) (Spectre)

RHEL 7 : redhat-virtualization-host (RHSA-2018:0044) (Meltdown) (Spectre)

RHEL 7 : kernel (RHSA-2018:0010) (Meltdown) (Spectre)

AIX 5.3 TL 12 : spectre_meltdown (IJ03029) (Meltdown) (Spectre)

RHEL 6 : MRG (RHSA-2018:0021) (Meltdown) (Spectre)

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3597-2) (Meltdown) (Spectre)

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0113-1) (Meltdown) (Spectre)

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0131-1) (Meltdown) (Spectre)

CentOS 6 : kernel (CESA-2018:0008) (Meltdown) (Spectre)

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3516-1) (Meltdown) (Spectre)

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180103) (Meltdown) (Spectre)

RHEL 5 : kernel (RHSA-2018:0292) (Meltdown) (Spectre)

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180313) (Meltdown) (Spectre)

Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3540-2) (Meltdown) (Spectre)

EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2019-1638)

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0171-1) (Meltdown) (Spectre)

RHEL 7 : kernel (RHSA-2018:1129) (Meltdown) (Spectre)

RHEL 6 : kernel (RHSA-2018:0022) (Meltdown) (Spectre)

RHEL 6 : kernel (RHSA-2018:0018) (Meltdown) (Spectre)

RHEL 7 : kernel (RHSA-2018:0007) (Meltdown) (Spectre)

RHEL 7 : redhat-virtualization-host (RHSA-2018:0047) (Meltdown) (Spectre)

Oracle Linux 6 : kernel (ELSA-2018-0008)

Processor Speculative Execution Vulnerabilities (Linux)

Oracle Linux 7 : kernel (ELSA-2018-0007)

ADV180002: Microsoft SQL Server January 2018 Security Update (Meltdown) (Spectre)

CentOS 6 : kernel (CESA-2018:0512) (Meltdown) (Spectre)

Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities

Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities

Security Bulletin: NVIDIA Jetson TX2 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Security Notice: CPU Speculative Side Channel Vulnerabilities

Security Bulletin: NVIDIA SHIELD Tablet Security Updates for CPU Speculative Side Channel Vulnerabilities

Security Bulletin: NVIDIA SHIELD TV Security Updates for CPU Speculative Side Channel Vulnerabilities

Updated nvidia-current packages mitigates security issues

(RHSA-2018:0009) Important: kernel security update

(RHSA-2018:0091) Important: Red Hat CloudForms 4.5 security update

(RHSA-2018:0089) Important: Red Hat CloudForms 4.1 security update

(RHSA-2018:0016) Important: kernel-rt security update

(RHSA-2018:0020) Important: kernel security update

(RHSA-2018:0496) Important: kernel security and bug fix update

(RHSA-2018:0022) Important: kernel security update

(RHSA-2018:0047) Important: redhat-virtualization-host security update

(RHSA-2018:0182) Important: kernel security and bug fix update

(RHSA-2018:0018) Important: kernel security update

(RHSA-2018:0011) Important: kernel security update

(RHSA-2018:0017) Important: kernel security update

(RHSA-2018:0044) Important: redhat-virtualization-host security update

(RHSA-2018:0021) Important: kernel-rt security update

(RHSA-2018:0008) Important: kernel security update

(RHSA-2018:0007) Important: kernel security update

(RHSA-2018:0046) Important: rhev-hypervisor7 security update

(RHSA-2018:0045) Important: rhvm-appliance security update

(RHSA-2018:0010) Important: kernel security update

(RHSA-2018:0512) Important: kernel security and bug fix update

(RHSA-2018:0090) Important: Red Hat CloudForms 4.2 security update

(RHSA-2018:0292) Important: kernel security update

(RHSA-2018:0092) Important: Red Hat CloudForms 4.0 security update

Reading privileged memory with a side-channel (Meltdown & Spectre)

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'

Ubuntu Update for linux USN-3540-1

Ubuntu Update for linux-azure USN-3541-2

CentOS Update for kernel CESA-2018:0512 centos6

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1637)

Microsoft Windows Speculative Execution Side-Channel Vulnerabilities (KB4073291)

Ubuntu Update for linux USN-3541-1

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1236)

RedHat Update for kernel RHSA-2018:0008-01

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1638)

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1002)

Ubuntu Update for linux USN-3597-1

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1001)

Ubuntu Update for linux-aws USN-3540-2

RedHat Update for kernel RHSA-2018:0007-01

Ubuntu Update for firefox USN-3516-1

Huawei Data Communication: CPU Vulnerabilities 'Meltdown' and 'Spectre' (huawei-sa-20180606-01-cpu)

Ubuntu Update for linux-hwe USN-3597-2

Mozilla Firefox Security Updates(mfsa_2018-01_2018-01)-Windows

Mozilla Firefox Security Updates(mfsa_2018-01_2018-01)-MAC OS X

CentOS Update for kernel CESA-2018:0008 centos6

CVE-2017-5715

Security update for the Linux Kernel (important)

Linux kernel (Xenial HWE) vulnerabilities

Linux kernel (HWE) vulnerabilities

Linux kernel vulnerabilities

Firefox vulnerabilities

Reading Privileged Memory with a Side Channel - Lenovo Support US

Reading Privileged Memory with a Side Channel - US

Experts Weigh In On Spectre Patch Challenges

Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts

Google Releases Spectre PoC Exploit For Chrome

Security Advisory 0031

Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 3.10.0-693.11.6.vz7.40.4, Virtuozzo 7.0 Update 6 Hotfix 3 (7.0.6-710)

Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)

Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

Important product update: Fixes for Meltdown and Spectre exploits in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 21 (6.0.12-3698)

Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754

Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack

Meltdown/Spectre and Qualys Cloud Platform

Meltdown and Spectre Aren’t Business as Usual

Meltdown / Spectre: New Concerns Over Intel Patches, as Hackers Test Exploits

Meltdown/Spectre: Intel Nixes Patches, Tech CEOs Questioned on Information Blackout

VMware Virtual Appliance updates address side-channel analysis due to speculative execution

Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability

SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability

Meltdown and Spectre fallout: patching problems persist

Meltdown and Spectre: what you need to know

CPU Side-Channel Information Disclosure Vulnerabilities

kernel, perf, python security update

Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux

USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Information about Meltdown and Spectre findings

IT threat evolution Q1 2018

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors

Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

kernel security update

Unbreakable Enterprise kernel security update

Meltdown and Spectre vulnerabilities

Meltdown and Spectre

Reading privileged memory with a side-channel

Information leak via side effects of speculative execution

CPU hardware vulnerable to side-channel attacks


Industry News

Qualys minimizes vulnerability risk for organizations with new remediation feature

Qualys announced it is adding advanced remediation to the Qualys Cloud Platform, enabling organizations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.


The result is improved efficiency by eliminating the need to use multiple products and agents and a more comprehensive approach to remediation.

Timely and comprehensive remediation of vulnerabilities is critical for maintaining good security hygiene and proactive risk management. Yet, organizations struggle to remediate quickly due to multiple factors including ambiguity between IT and Security on process ownership, especially when the action requires sophistication beyond the deployment of a simple patch. For example, to remediate the Spectre/Meltdown vulnerability, a configuration change is required in addition to deploying the patch.

Further, some vulnerabilities need a registry key change without a patch, while others need a proprietary patch or an update to custom software to remediate. The lack of clarity between vulnerability detection logic and potential remediation complexity due to the need for multiple tools increases the struggle IT and security teams face.

“Fully remediating vulnerabilities goes beyond applying patches and can often require multiple tools and approaches based on the type of vulnerability,” said Richard Hallade, IT Security Officer of Red Cross Luxembourg. “The new advanced remediation feature allows us to expedite remediation as we can rectify configuration issues and execute advanced patch jobs such as identifying various Windows 10 versions throughout our global environment, all with a single app and agent.”

Qualys Patch Management seamlessly integrates with Qualys Vulnerability Management, Detection and Response (VMDR) to remediate vulnerabilities by deploying patches or applying configuration changes on any device regardless of its location. The new remediation feature allows teams to use one application to detect, prioritize and fix vulnerabilities regardless of the remediation method required.

“In this Log4Shell and Pwnkit era, organizations must be extra vigilant and patch weaponized vulnerabilities without delay, which requires efficiency and rapid remediation,” said Sumedh Thakar, president and CEO of Qualys. “Qualys Advanced Remediation increases efficiency by using one application to comprehensively remediate vulnerabilities. Regardless of whether they need configuration changes or deployment of scripts and proprietary software patches – eliminating the need to use multiple products and agents to improve response times is a critical success factor in strengthening enterprises’ cyber defenses.”

The new capabilities enable organizations to:

  • Remediate vulnerabilities related to configuration changes: Teams can patch and update configurations to remediate all Windows-based vulnerabilities from one console and workflow. For example, they can use Qualys to deploy the relevant patches and make the required registry changes to remediate the Spectre/Meltdown vulnerability.

  • Deploy and patch any Windows OS-based software to any device: Qualys Patch Management can deploy or patch any Windows-based application, whether it is on-premises, in the cloud or in a remote location. The Qualys Cloud Agent can push any software to all target devices, such as deploying proprietary patches to all WFH users.

  • Support complex patch deployments and environments: Allows the deployment of patches and configuration changes in complex environments with elaborate workflows and dependencies. For example, Qualys leveraged this feature to create a script for customers that removes the JndiLookup class related to Log4Shell, which quickly eliminates the vulnerable libraries from all systems.

Availability

Qualys Patch Management with new remediation features is available immediately.
