On Jan. 3, media reports surfaced regarding a vulnerability in Intel microprocessors going back at least a decade. As stated by Intel, these vulnerabilities could potentially allow malicious code running locally to improperly gather sensitive data from computing devices that are operating as designed. At this time, the vulnerability has been proven through research but there is no known exploits or attack code propagating the Internet.
Nearly all computers, servers, and data protection systems and appliances are affected. The level of impact may vary depending on the affected product and will require a software patch or in some cases, complete replacement of the processor.
Please note this issue is not related to the previously disclosed Intel ME/TXE vulnerability (https://www.intel.com/content/www/us/en/support/articles/000025619/software.html).
For more information, please refer to the research articles:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
For a list of affected vendors, such as Dell, Apple, HP, Microsoft Surface, and Oracle, please see the following:
https://www.us-cert.gov/ncas/alerts/TA18-004A
We recommend everyone ensure their systems are actively running the latest malware signatures to protect against possible exploitation of these vulnerability attack methods. Updates will be deployed to domain systems once the vendor’s patch is available and tested. Please continue to check the above links for the most current information regarding this situation.
If you have any questions or concerns about this advisory, please contact IMS Information Security at 567-0707 and infosec@uthscsa.edu.