Microsoft issued a new security advisory for Intel microcode updates for Windows 10 versions 1903 and 1909. The updates also address a known vulnerability behind a Zombieload attack. In addition, a targeted update for Windows Server 2019 version 1903 was also available.
Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization’s patch management efforts.
Security researchers have found a new side-channel attack and vulnerability that affects millions of newer Intel microprocessors. The new vulnerability CVE-2019-1125 dubbed SWAPGS is a variant of Spectre Variant 1 and bypasses previous mitigations against Spectre and Meltdown.
Cisco released new security updates on Friday, two rated high severity and two medium severity, to address ASA, NX-OS and CPU side-channel vulnerablities that impact multiple products.
New variants of the side-channel central processing unit (CPU) hardware vulnerabilities (aka Meltdown/Spectre) have been discovered. The new variants dubbed 3A and 4 have been found by Microsoft and Google researchers.
A new vulnerability dubbed “Total Meltdown” was discovered last month after Microsoft issued patches to fix the previous Meltdown vulnerabilities.
Intel released new details of availability for microcode updates that address the Meltdown and Spectre design flaws in Intel processors. According to the company, Intel has stopped working on microcode updates for certain Intel processors as noted in the release.
Intel said the root cause of the reboot issues have been identified. To that end, the company said customers and partners should not install its current versions of Spectre/Meltdown patches rolled out earlier this month as they “may introduce higher than expected reboots and other unpredictable system behavior.”
Intel made an update yesterday to previously issued security advisory on the Spectre/Meltdown ‘speculation execution’ vulnerabilities that could cause information disclosure on systems running Intel processors.
Oracle has released its Critical Patch Update Advisory for January 2018. The update includes 237 new security fixes for multiple Oracle products to include Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities.