News
On January 4th a set of vulnerabilities in the Intel chip architecture have surfaced. These vulnerabilities have been given the names Meltdown and Spectre. The vulnerabilities make it possible for programs to read portions of other programs that are loaded into the machine's memory. This way information can be unfairly read.
The vulnerabilities are officially registered with these corresponding numbers:
Spectre:
CVE-2017-5715 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715)
CVE-2017-5753 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753)
Meltdown:
CVE-2017-5754 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754)
The researchers, who published the bugs, are still working on the risk assessment. This assessment will be published on the following links:
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5715
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5753
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5754
At this very moment no patch or mitigating action is available. MCX is following the news on this matter very closely. Once a solution is made available, MCX will inform its customers and will propose an action plan.
If you have additional questions please contact MCX at +31555260670 and ask for our Security Officer.
Meltdown and Spectre vulnerabilities
04-01-2018The vulnerabilities are officially registered with these corresponding numbers:
Spectre:
CVE-2017-5715 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715)
CVE-2017-5753 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753)
Meltdown:
CVE-2017-5754 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754)
The researchers, who published the bugs, are still working on the risk assessment. This assessment will be published on the following links:
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5715
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5753
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2017-5754
At this very moment no patch or mitigating action is available. MCX is following the news on this matter very closely. Once a solution is made available, MCX will inform its customers and will propose an action plan.
If you have additional questions please contact MCX at +31555260670 and ask for our Security Officer.