CPU Hardware Vulnerable to Side-Channel Attacks

Last Updated: 01/05/2018

Security Notice Level

IMPORTANT

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. Patches are available for major operating systems including Microsoft, MacOS, and Linux. No known active exploits have been reported. To execute code locally, an attacker would require a valid account or other existing compromise of the victim host. Attacks using JavaScript in web browsers are possible. Given the nature of the vulnerability priority should be given to virtual infrastructure, virtual desktop infrastructure, and other multi-tenant systems.

Security Bulletin Name

Meltdown - Spector

Vulnerability Note VU#584653

Additional Information

Additional information about this vulnerability can be viewed at:

https://www.kb.cert.org/vuls/id/584653

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.

Important definitions for this notice:
Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.
Severe: severity includes worms & web or email based exploits.
Important: severity includes viruses and local exploits for commonly used services.