The Spectre and Meltdown vulnerabilities affect Intel, AMD, Qualcomm and ARM processors used by almost all computers. These hardware bugs allow programs to steal data which is currently processed on the computer. Apple, Google, Microsoft, VMware and other companies have released updates to patch these serious security flaws. Some vendors are still investigating which products are vulnerable. The Cisco security bulletin on these vulnerabilities (below) has a list of products which are vulnerable and a list which they are still testing.
It is going to be necessary for most organizations to patch workstations, servers, mobile devices, Virtualization software, and in some cases network infrastructure equipment. Some of the patches will cause performance issues so testing and caution is wise when applying these patches.
Some security vendors such as Cisco have released counter measures such as IPS signatures designed to catch the example exploits that have been published. While these are useful counter measures, they are not foolproof and patching is still suggested. Google, Mozilla, and other web browser companies have released updates that are designed to stop these exploits from being used from a web browser. These updates are also good counter measures but not as effective as patching.
There is are some inter-operability issues between the Microsoft patches for these vulnerabilities and many Anti-Virus programs. Therefore, an AV update may be necessary for the operating systems to work. Some AV vendors are instructing users to set a particular registry key so the Microsoft patch will install.
Below are some useful links from vendors which we work with that detail specifics about how these vulnerabilities affect their products.
If you have questions or need help with updates, please contact us at firstname.lastname@example.org