Meltdown/Spectre vulnerability update information

CCIT Staff, Office of Information Security
January 23, 2018

You may have heard about the “Meltdown” and “Spectre” computer vulnerabilities. CCIT offers some steps you can take to protect against these flaws.

By now you have probably heard of the “Meltdown” and “Spectre” computer vulnerabilities, two serious security flaws that have been found within computer processors. The vulnerabilities could allow hackers to steal sensitive data without users knowing, and one of them affects chips made as far back as 1995. In an effort to keep the campus community safe, all CCIT-managed desktop and laptop computers have been directed to update with the appropriate patches. As more is discovered about these vulnerabilities, it is likely that more patching will be required. We will keep you up to date on these patches as we are made aware of them. For computers not managed by CCIT, here are some steps you can take to protect against these flaws.

1/23 Update:

Along with macOS High Sierra 10.13.3, Apple this morning released two new security updates that are designed to address the Meltdown and Spectre vulnerabilities on machines that continue to run macOS Sierra and OS X El Capitan.

As outlined in Apple’s security support document, Security Update 2018-001, available for macOS Sierra 10.12.6 and OS X El Capitan 10.11.6, offers several mitigations for both Meltdown and Spectre, along with fixes for other security issues. The updates should be installed immediately.

1/16 Update:

Vendors are now providing links to BIOS updates on their respective websites. For a list of Dell machines, click here. Lenovo is providing updates here.

For other hardware manufacturers, Bleeping Computer is providing an up-to-date list on their website: https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

Windows desktops and laptops:

  • Make sure you’re running the latest Trend Micro antivirus available from CCIT. If you’re using antivirus software other than Trend, you’ll need to check your antivirus vendor’s website to ensure your product is compatible with the updates.
  • Check for and apply any critical Windows Updates – this will update Windows as well as Internet Explorer and Microsoft Edge browsers.
  • Update your other internet browsers such as Chrome and Firefox to the latest versions.
  • As vendor-specific (Dell, Lenovo, HP) BIOS updates are made available, they should be applied as well (see above). If you don’t know how to check for BIOS updates, contact the CCIT Support Center or your IT support staff.
  • Windows users can read more information by searching for “ADV180002” in Google.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (Website)

Apple desktops and laptops:

  • Apple has patched against the Meltdown flaw in its most recent security updates for High Sierra (10.13.2).
  • Older operating systems such as El Capitan and Sierra have not been updated.
  • Update your other internet browsers such as Chrome and Firefox to the latest versions.
  • We are anticipating that Apple will release security updates for older systems as well as for Spectre as soon as they are available.

Apple iOS (iPhone and iPad) – tvOS (Apple TV):

  • Apple has patched iOS and tvOS against Meltdown in version 11.2. Please update your iPhone and Apple TV software if you’re not already running the latest versions.
  • Apple will release updates for Safari soon to mitigate against Spectre.
  • watchOS is not affected by either bug.
  • Apple users can read more information by searching for “HT208394” in Google.

https://support.apple.com/en-us/HT208394 (Website) 

Linux desktops and laptops:

  • Various Linux distributors are releasing updated kernels to address vulnerabilities.
  • Patches are currently available for RHEL 7, CentOS 7, Fedora 26/27, Debian Stretch, Arch Linux, and Gentoo Linux.
  • Performing security updates available via your Linux package manager will install these patches.
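
One way to confirm on a Linux machine that the updated kernel is active after installing updates and rebooting (an added example, not part of CCIT's original notice): the functions below read the status files that patched kernels expose under /sys/devices/system/cpu/vulnerabilities. It assumes your distribution's kernel provides that interface; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status as stated by the
# running kernel. Assumes the kernel exposes the sysfs directory below.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status <text>: map one status line to OK / VULNERABLE / UNKNOWN.
# The kernel writes "Not affected", "Vulnerable..." or "Mitigation: ...".
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# check_cpu_vulns [dir]: print one line per issue.
# Returns 0 if every issue is OK, 1 if any is VULNERABLE or UNKNOWN,
# and 2 if the status directory itself is missing.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN    $dir is missing; this kernel does not report status"
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            text=$(cat "$dir/$name")
            verdict=$(classify_status "$text")
        else
            # A missing file is treated as unknown, never as safe.
            text="no status file"
            verdict=UNKNOWN
        fi
        printf '%-10s %-10s %s\n' "$verdict" "$name" "$text"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}
```

Load the functions into a shell and run `check_cpu_vulns` with no argument; a non-zero exit status means at least one issue is reported as vulnerable or could not be determined, so check again for kernel updates from your package manager.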

Android (Android-based phones and tablets):

  • Google is asking all Android users to update their systems to the latest security bulletin for the most protection.
  • Android users can read more device-specific information at the Google Security Blog.

https://source.android.com/security/bulletin/2018-01-01 (Website)

As always, if you need any help, you can contact the CCIT Support Center in person on the 2nd floor of Cooper Library, by calling 864-656-3494, or by emailing ithelp@clemson.edu. More support information can be found at ccit.clemson.edu/support.
