CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Meltdown and Spectre Side-Channel Vulnerabilities

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 03 Jan 2018 22:16:09 -0600
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



Meltdown and Spectre Side-Channel Vulnerabilities [ 
https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities ] 01/03/2018 
10:15 PM EST 
Original release date: January 03, 2018

US-CERT is aware of a set of security vulnerabilitiesknown as Meltdown and Spectrethat affect modern computer 
processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Users and administrators are encouraged to review Vulnerability Note VU#584653 [ https://www.kb.cert.org/vuls/id/584653 
], Microsoft's Advisory [ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 ], and Mozilla's 
blog post [ https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ]for additional 
information and refer to their OS vendor for appropriate patches.

US-CERT is not aware of any active exploitation at this time and will provide additional information as it becomes 
available.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: