On January 3, 2018, we were informed of certain vulnerabilities to Intel, AMD, and ARM processors.
Iron Orbit has multiple teams working on mitigating and remediating the effects of these vulnerabilities. We will continue to evaluate, test, and implement new patches and workarounds as they become available. We will ensure that all mitigation and remediation efforts have the least impact possible on your environments.
As of the date above, the following are the key concerns, according to Intel: malicious software, including at least two security issues, known as Meltdown and Spectre, have been identified as posing a risk of disabling the infected machine or collecting data from it, if exploited. However, according to Intel, the feature is very difficult to exploit. AMD has said "we believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue."
As of the date above, Intel and AMD have released certain patches to correct the issue. Further, Microsoft and Apple have released patches and are providing guidance on this issue.
Iron Orbit is working continuously to implement the patches on an ongoing basis, and we will continue to address the problem as vendor patches and workarounds become available.
According to Intel, downloading and using software is the most common way of becoming infected with this malware. Therefore, Iron Orbit discourages users from downloading unnecessary software, so as to avoid infection, until such time as the issue has been fully remediated by the relevant software and hardware providers.
As always, our top priority is ensuring that your environments remain protected. We appreciate your patience as we continue to deal with this complex and developing situation. We are working non-stop to resolve this issue and any that may arise because of it.
Any customer concerns should be brought to our attention as expediently as possible, and we will provide our guidance.
Intel's statements can be found here: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
AMD's statements can be found here: https://www.amd.com/en/corporate/speculative-execution
Apple statement on Speculative Exploitation: https://support.apple.com/en-us/HT208394
Exemplary guidance from Microsoft, follows: https://support.microsoft.com/af-za/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution