Meltdown/Spectre vulnerability update information
CCIT Staff,
Office of Information Security
January 23, 2018
By now you have probably heard of the “Meltdown” and “Spectre” computer vulnerabilities, two serious security flaws that have been found within computer processors. The vulnerabilities could allow hackers to steal sensitive data without users knowing, and one of them affects chips made as far back as 1995. In an effort to keep the campus community safe, all CCIT-managed desktop and laptop computers have been directed to update with the appropriate patches. As more is discovered about these vulnerabilities, it is likely that more patching will be required. We will keep you up to date on these patches as we are made aware of them. For computers not managed by CCIT, here are some steps you can take to protect against these flaws.
1/23 Update:
Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.
As outlined in Apple’s security support document, Security Update 2018-001 available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues, and the updates should be installed immediately.
1/16 Update:
Vendors are now providing links to BIOS updates on their respective websites. For a list of Dell machines, click here. Lenovo is providing updates here.
For other hardware manufacturers, Bleeping Computer is providing an up-to-date list on their website: https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/
Windows desktops and laptops:
- Make sure you’re running the latest Trend Micro antivirus available from CCIT. If you’re using another antivirus product instead of Trend, you’ll need to check your antivirus vendor’s website to ensure your product is compatible with the updates.
- Check for and apply any critical Windows Updates – this will update Windows as well as Internet Explorer and Microsoft Edge browsers.
- Update your other internet browsers such as Chrome and Firefox to the latest versions.
- As vendor-specific (Dell, Lenovo, HP) BIOS updates are made available, they should be applied as well (see above). If you don’t know how to check for BIOS updates, contact the CCIT Support Center or your IT support staff.
- Windows users can read more information by searching “ADV180002” in a Google search page.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (Website)
Apple desktops and laptops:
- Apple has patched against the Meltdown flaw in its most recent security updates for High Sierra (10.13.2).
- Older operating systems such as El Capitan and Sierra have not been updated.
- Update your other internet browsers such as Chrome and Firefox to the latest versions.
- We are anticipating that Apple will release security updates for older systems as well as for Spectre as soon as they are available.
Apple iOS (iPhone and iPad) – tvOS (Apple TV):
- Apple has patched iOS and tvOS against Meltdown in version 11.2. Please update your iPhone and Apple TV software if you’re not running the latest versions.
- Apple will release updates for Safari soon to mitigate against Spectre.
- watchOS is not affected by either bug.
- Apple users can read more information by searching “HT208394” in a Google search page.
https://support.apple.com/en-us/HT208394 (Website)
Linux desktops and laptops:
- Various Linux distributors are releasing updated kernels to address vulnerabilities.
- Patches are currently available for RHEL 7, CentOS 7, Fedora 26/27, Debian Stretch, Arch Linux, and Gentoo Linux.
- Performing security updates available via your Linux package manager will install these patches.
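After the updated kernel is installed and the machine has rebooted, the kernel's own status report shows whether the mitigations are active. The script below is an added example, not part of the original CCIT notice; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (mainline 4.15 or a distribution kernel carrying the backport), and the function name check_cpu_vulns is hypothetical.

```shell
#!/bin/sh
# Added example (not from the CCIT notice): read the kernel's own report of
# Meltdown/Spectre status after installing the updated kernel and rebooting.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities.

# check_cpu_vulns [DIR]  (hypothetical helper name)
# Returns 0 if every issue is mitigated or not applicable,
#         1 if any issue is reported as "Vulnerable",
#         2 if the report or one of its entries is unavailable.
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN    $dir not present; this kernel provides no report"
        return 2
    fi
    vuln_rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ ! -r "$dir/$name" ]; then
            printf '%-10s %s: no entry\n' UNKNOWN "$name"
            [ "$vuln_rc" -eq 1 ] || vuln_rc=2
            continue
        fi
        state=$(cat "$dir/$name")
        case "$state" in
            "Not affected"*) label=OK ;;
            Mitigation*)     label=MITIGATED ;;
            Vulnerable*)     label=VULNERABLE; vuln_rc=1 ;;
            *)               label=UNKNOWN; [ "$vuln_rc" -eq 1 ] || vuln_rc=2 ;;
        esac
        printf '%-10s %s: %s\n' "$label" "$name" "$state"
    done
    return "$vuln_rc"
}

# Check the running system (or a directory given as the first argument).
check_cpu_vulns "$@" || echo "check_cpu_vulns exit status: $?"
```

A result of UNKNOWN means the running kernel does not provide the report, so confirm the installed kernel version against your distribution's security advisory instead.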
Android (Android-based phones and tablets):
- Google is asking all Android users to update their systems to the latest security bulletin for the most protection.
- Android users can read more device-specific information at the Google Security Blog.
https://source.android.com/security/bulletin/2018-01-01 (Website)
As always, if you need any help, you can contact the CCIT Support Center in person on the 2nd floor of Cooper Library, by calling 864-656-3494, or by emailing ithelp@clemson.edu. More support information can be found at ccit.clemson.edu/support.