
Speculative Execution Side-Channel Vulnerabilities – Vendor-Published Info

Last Modified: Jan 11, 2018 @ 11:19:36

Nothing groundbreaking here; I am just collating advisories and press releases from vendors, as I find them, that relate to the recently disclosed speculative execution side-channel vulnerabilities. These are also being referred to as Spectre (variants 1 & 2) and Meltdown (variant 3). If you have any additions/corrections, please let me know in the comments, and I’ll update this post.

Disclaimer: This is my personal blog & post. This post is not an official statement or communication from Microsoft. For Microsoft’s official guidance, please see the links in the “Microsoft” section below.

Research

Vendor Info Article
Google Blog https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Google GPZ Blog https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Google GPZ Bugtracker https://bugs.chromium.org/p/project-zero/issues/detail?id=1272
Google More Details https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
Researchers Meltdown https://meltdownattack.com/
Researchers Spectre https://spectreattack.com/

Microsoft

Title Info Article
Securing Azure customers from CPU vulnerability Blog: Azure https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer Blog: Browsers https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems Blog: Terry Myerson https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
Guidance for mitigating speculative execution side-channel vulnerabilities Docs: Azure https://docs.microsoft.com/en-us/azure/virtual-machines/windows/mitigate-se
Windows security updates released January 3, 2018, and antivirus software KB: Antivirus https://support.microsoft.com/help/4072699
Microsoft cloud protections against speculative execution side-channel vulnerabilities KB: Cloud https://support.microsoft.com/en-us/help/4073235/cloud-protections-speculative-execution-side-channel-vulnerabilities
Protecting your device against chip-related security vulnerabilities KB: Consumer Devices https://support.microsoft.com/en-us/help/4073229/windows-protect-device-against-chip-related-security-vulnerability
Protect your Windows devices against Spectre and Meltdown KB: Devices https://support.microsoft.com/en-us/help/4073757/protect-your-devices-against-spectre-meltdown
SQL Server guidance to protect against speculative execution side-channel vulnerabilities KB: SQL Server https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server
Surface Guidance to protect against speculative execution side-channel vulnerabilities KB: Surface https://support.microsoft.com/en-us/help/4073065/surface-guidance-for-customers-and-partners-protect-your-devices-again
Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities KB: Windows Client https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe
Windows Server guidance to protect against speculative execution side-channel vulnerabilities KB: Windows Server https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s
ADV180002: Guidance to mitigate speculative execution side-channel vulnerabilities Security Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv180002

Advisories & Communications

CPU Makers

Vendor Info Article
AMD Info Site https://www.amd.com/en/corporate/speculative-execution
ARM Processor Security Update https://developer.arm.com/support/security-update
ARM Whitepaper https://armkeil.blob.core.windows.net/developer/Files/pdf/Cache_Speculation_Side-channels.pdf
ARM Advisory https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6
ARM Trusted Firmware Issue https://github.com/ARM-software/tf-issues/issues/541
Intel Press Release https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
Intel Security Advisory https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
Intel Microsite for Side-Channel Analysis https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
Intel Whitepaper https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf
nVidia Forums https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/
nVidia Security Advisory http://nvidia.custhelp.com/app/answers/detail/a_id/4611/~/security-bulletin%3A-nvidia-gpu-display-driver-security-updates-for-speculative
RISC-V Blog https://riscv.org/2018/01/more-secure-world-risc-v-isa/

Hardware OEMs

Client OEMs

Vendor Info Article
HP Security Advisory https://support.hp.com/document/c05869091
Dell Security Advisory www.dell.com/support/meltdown-spectre
Lenovo Security Advisory https://support.lenovo.com/us/en/solutions/len-18282
Asus Security Advisory https://www.asus.com/News/YQ3Cr4OYKdZTwnQK
Acer https://us.answers.acer.com/app/answers/detail/a_id/53104
VAIO https://solutions.vaio.com/3316
Samsung Pending
Fujitsu http://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html 
LG Pending
Panasonic https://pc-dl.panasonic.co.jp/itn/vuln/g18-001.html
Toshiba https://support.toshiba.com/support/viewContentDetail?contentId=4015952
Huawei Pending
Xiaomi Pending

Server OEMs

Vendor Info Article
HPE Security Advisory http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html
Dell Security Advisory http://www.dell.com/support/article/us/en/04/sln308588/
Lenovo Security Advisory https://support.lenovo.com/us/en/solutions/len-18282
Huawei Security Advisory http://www.huawei.com/au/psirt/security-notices/huawei-sn-20180104-01-intel-en
Fujitsu Security Advisory http://www.fujitsu.com/global/support/products/software/security/products-f/jvn-93823979e.html
Cisco Security Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
IBM Blog https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/

Other OEMs

Vendor Info Article
F5 Security Advisory https://support.f5.com/csp/article/K91229003
Fortinet Security Advisory https://fortiguard.com/psirt/FG-IR-18-002
Juniper Security Advisory https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=METADATA
NetApp Security Advisory https://security.netapp.com/advisory/ntap-20180104-0001/
Raspberry Pi Blog https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

Cloud Providers

Vendor Article
AWS https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Digital Ocean https://blog.digitalocean.com/a-message-about-intel-security-findings/
Google https://blog.google/topics/google-cloud/what-google-cloud-g-suite-and-chrome-customers-need-know-about-industry-wide-cpu-vulnerability/
IBM https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
Linode https://blog.linode.com/2018/01/03/cpu-vulnerabilities-meltdown-spectre/
OVH https://www.ovh.co.uk/news/articles/a2570.meltdown-spectre-bug-x86-64-cpu-ovh-fully-mobilised
Rackspace https://blog.rackspace.com/rackspace-is-tracking-vulnerabilities-affecting-processors-by-intel-amd-and-arm
Scaleway / Online.net https://blog.online.net/2018/01/03/important-note-about-the-security-flaw-impacting-arm-intel-hardware/

Virtualization

Vendor Info Article
Citrix https://support.citrix.com/article/CTX231399
VMware https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
Xen Advisory https://xenbits.xen.org/xsa/advisory-254.html
Xen FAQ https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/

Operating Systems

Vendor Info Article
Apple Apple Overview https://support.apple.com/en-us/HT208394
Apple High Sierra Update https://support.apple.com/en-us/HT208397
CentOS Security Advisory https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html
Debian https://security-tracker.debian.org/tracker/CVE-2017-5754
Fedora https://fedoramagazine.org/protect-fedora-system-meltdown/
Qubes https://www.qubes-os.org/news/2018/01/04/xsa-254-meltdown-spectre/
RedHat Security Advisory https://access.redhat.com/errata/RHSA-2018:0010
RedHat https://access.redhat.com/security/vulnerabilities/speculativeexecution
Suse https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
Suse CVE-2017-5753 https://www.suse.com/security/cve/CVE-2017-5753/
Suse CVE-2017-5715 https://www.suse.com/security/cve/CVE-2017-5715/
Suse CVE-2017-5754 https://www.suse.com/security/cve/CVE-2017-5754/
Ubuntu KB https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Ubuntu CVE-2017-5715 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html
Ubuntu CVE-2017-5753 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html
Ubuntu CVE-2017-5754 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html
Wind River Security Advisory https://www.windriver.com/security/announcements/meltdown-spectre/

Browsers

Vendor Info Article
Google Chrome Security Info https://www.chromium.org/Home/chromium-security/ssca
Mozilla Firefox Blog https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Apple Safari Security Info https://support.apple.com/en-us/HT208403
WebKit Rendering Engine Info https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

Mobile Devices

Vendor Info Article
Android https://source.android.com/security/bulletin/2018-01-01
Apple iOS 11.2.2 https://support.apple.com/en-us/HT208401

Databases

Vendor Article
Postgresql https://www.postgresql.org/message-id/[email protected]
Oracle Pending
MySQL Pending

Antivirus

(Hat tip to Kevin Beaumont: https://twitter.com/GossiTheDog/status/948889660780175360 (Direct GDocs Link: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true))

Vendor Article
Ahnlab http://www.ahnlab.com/kr/site/support/notice/noticeView.do?boardSeq=50125159
Avast https://forum.avast.com/index.php?topic=212648.msg1439270#msg1439270
AVG https://support.avg.com/answers#!/feedtype=SINGLE_QUESTION_DETAIL&dc=All&criteria=ALLQUESTIONS&id=9060N000000TrmmQAC
Avira https://blog.avira.com/avira-compatible-with-the-new-microsoft-meltdown-update/ 
BitDefender (Consumer) https://www.bitdefender.com/consumer/support/answer/9033/?icid=overlayccom_all_pagesmicrosoft_security_update_01_2018
BitDefender (Enterprise) https://www.bitdefender.com/support/understanding-the-impact-of-meltdown-and-spectre-cpu-exploits-on-bitdefender-gravityzone-users-2072.html
CarbonBlack https://www.carbonblack.com/2018/01/05/carbon-black-solutions-currently-compatible-major-os-vendor-patches-meltdown-spectre/
Cisco https://supportforums.cisco.com/t5/sourcefire-documents/cisco-amp-for-endpoints-compatibility-with-windows-security/ta-p/3306874 
Crowdstrike https://twitter.com/CrowdStrike/status/948920096709337089
Cylance https://www.cylance.com/en_us/blog/cylance-not-impacted-by-meltdown-or-spectre-vulnerabilities.html
Cyren https://kb.cyren.com/av-support/index.php?/Knowledgebase/Article/View/429/0/important—hotfix-2018-01-for-f-prot-and-csam 
Emsisoft https://blog.emsisoft.com/2018/01/04/chip-vulnerabilities-and-emsisoft-what-you-need-to-know/
Endgame https://www.endgame.com/blog/executive-blog/endgame-compatible-spectremeltdown-patches
ESET https://www.eset.com/us/about/newsroom/corporate-blog-list/corporate-blog/meltdown-spectre-how-to-protect-yourself-from-these-cpu-security-flaws
FireEye https://www.fireeye.com/blog/products-and-services/2018/01/fireeye-endpoint-security-agent-compatible-with-meltdown-update.html 
Fortinet http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=FD40946&sliceId=1&docTypeID=DT_KCARTICLE_1_1
F-Secure https://safeandsavvy.f-secure.com/2018/01/04/meltdown-and-spectre-two-things-you-need-to-know/
G Data https://www.gdatasoftware.com/blog/2018/01/30322-spectre-meltdown 
Kaspersky https://support.kaspersky.com/14042
MalwareBytes https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/
McAfee (Consumer) http://service.mcafee.com/webcenter/portal/cp/home/articleview?locale=&articleId=TS102769
McAfee (Enterprise) https://kc.mcafee.com/corporate/index?page=content&id=KB90167 
Nyotron https://nyotron.com/chipocalypse/ 
Palo Alto https://live.paloaltonetworks.com/t5/Customer-Advisories/Information-about-Meltdown-and-Spectre-findings/ta-p/193878/jump-to/first-unread-message
Panda https://www.pandasecurity.com/uk/support/card?id=100059
SentinelOne https://www.sentinelone.com/blog/sentinelone-compatible-meltdown-spectre-fixes/ 
Sophos https://community.sophos.com/kb/en-us/128053 
Symantec https://support.symantec.com/en_US/article.TECH248545.html 
TotalDefense https://www.totaldefense.com/ 
Trend Micro (Consumer) https://esupport.trendmicro.com/en-us/home/pages/technical-support/1118996.aspx
Trend Micro (Enterprise) https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates 
VIPRE https://businesssupport.vipre.com/support/solutions/articles/1000258536 
Webroot https://community.webroot.com/t5/Announcements/Microsoft-Patch-Release-Wednesday-January-3-2018/m-p/310146 

SaaS

Vendor Article
Salesforce https://help.salesforce.com/articleView?id=Spectre-and-Meltdown-Vulnerabilities&language=en_US&type=1
1Password https://blog.agilebits.com/2018/01/04/same-as-it-ever-was-theres-no-reason-to-melt-down/
Dropbox Pending
BoxHQ Pending

Other

Vendor Info Article
LLVM http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html
MITRE CVE-2017-5715 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
MITRE CVE-2017-5753 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753
MITRE CVE-2017-5754 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

CERTS

CERT Info Article
CERT/CC https://www.kb.cert.org/vuls/id/584653
US CERT https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities
US CERT Technical Alert https://www.us-cert.gov/ncas/alerts/TA18-004A
KISA https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26929
JP CERT http://jvn.jp/vu/JVNVU93823979/
CERT FR https://www.cert.ssi.gouv.fr/alerte/CERTFR-2018-ALE-001/
The BSI https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/Sicherheitsluecken_in_Prozessoren_04012018.html
NCSC NL Meltdown https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2018-0010+1.02+Kwetsbaarheid+ontdekt+in+Intel-processoren+Meltdown.html
NCSC NL Spectre https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2018-0009+1.01+Kwetsbaarheden+in+processoren+ontdekt+Spectre.html
NCSC UK Guidance https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance
NCSC UK Home Users https://www.ncsc.gov.uk/guidance/home-user-guidance-manage-processor-vulnerabilities-meltdown-and-spectre

Benchmarks & Performance Impacts

Benchmark Tests

Vendor Info Article
Phoronix VM Performance Showing Mixed Impact with Linux 4.15 KPTI Patches https://www.phoronix.com/scan.php?page=article&item=linux-kpti-kvm&num=1
Phoronix Initial Benchmarks of the Performance Impact Resulting From Linux’s x86 Security Changes https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1
Phoronix Further Analyzing The Intel CPU “x86 PTI Issue” on More Systems https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1
Reddit Discussion on Benchmarking https://www.reddit.com/r/Amd/comments/7o0m37/requesting_benchmarks_on_amd_processors_before/
TechSpot Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/
OSX Reverser Measuring OS X Meltdown Patches Performance https://reverse.put.as/2018/01/07/measuring-osx-meltdown-patches-performance/

Vendor Performance Assessments

Vendor Info Article
RedHat Performance Impacts – Describing the performance impacts to security patches https://access.redhat.com/articles/3307751
Google Protecting our Google Cloud customers from new vulnerabilities without impacting performance https://www.blog.google/topics/google-cloud/protecting-our-google-cloud-customers-new-vulnerabilities-without-impacting-performance/
Posted by ChrisAM in work, 16 comments