Major vulnerabilities named Meltdown and Spectre have emerged, impacting almost all modern microprocessors. These vulnerabilities allow programs to read data through the memory of other programs processed by the microprocessor. Normally, programs are not authorized to perform this.
An attacker could exploit the Meltdown and Spectre vulnerabilities to steal secret data used in other running programs like passwords, emails, documents, etc...
All recent Intel x86 microprocessors and some ARM-based microprocessors are affected. AMD microprocessors are not affected by the Meltdown vulnerability but are impacted by the variant one of the Spectre vulnerabilities.
Today, almost every system are using these microprocessors. It means that most systems are affected, including servers, desktops, laptops and mobile devices.
Cloud providers and hypervisors are also greatly impacted, as a virtual machine can possibly access to the memory of another virtual machine running in the same host, meaning that a malicious customer could steal other customer informations.
Details of the vulnerability
For customers using Dell appliances, BIOS updates are available to enhance the processors microcode helping the mitigation of the Spectre Variant 2 vulnerability:
- Update for R230 models
- Update for R630 models
- Updates for previous models (R620, R610, R220, R210, ...) are still in development. For more details about status and release dates, see the Dell Support page.
BIOS updates were removed by Dell due to stabilities issues after deploying the first patch.
For more details: http://www.dell.com/support/contents/us/en/04/article/product-support/self-support-knowledgebase/software-and-downloads/support-for-meltdown-and-spectre
The cloud provider for Cloud Protector has already deployed an update on his platform. Virtual machines for Cloud Protector will be updated soon.