Advisories

Processors from Intel, AMD, and ARM have been confirmed as being affected by some or all of the discovered vulnerabilities. Due to the complex nature of these vulnerabilities, it is prudent to work on the basis that all computer systems could be affected. As these are hardware vulnerabilities, any device may be affected, from computers to smart phones and tablets, and smart devices such as TVs.

Network devices such as routers, firewalls and WAF’s may also be affected, as well as storage devices such as SAN or NAS. For virtualised systems, it is important to patch both host and guest operating systems.

All affected systems need to be updated as patches become available to protect against possible attacks, which would likely use these vulnerabilities to steal sensitive information such as passwords.

If you are using a device which uses a processor from Intel, AMD, or ARM - you may be at risk. This represents the vast majority of end user devices.

Ensure that all software on all your devices is up to date. Some updates have been released, and more are expected to be released over the coming weeks and months as manufacturers and vendors respond to these vulnerabilities.

In particular, ensure your operating system, anti-virus, and browser are updated. If you have a device which is no longer receiving updates, you should consider upgrading or replacing it, to ensure you can get the latest security updates.

CERT NZ’s advice on End-of-Life Devices

UPDATE: It’s important to check with your anti-virus vendor to see how they are working to mitigate this issue, as Microsoft are requiring anti-virus providers to certify compatibility with security updates. Microsoft have noted: “Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets [a specified registry key]”. Further information can be found on the DoublePulsar site External Link .

 For all systems, it’s critical to check with vendors for update guidance. For organisations using Windows Server, CERT NZ recommend that you read Microsoft's guidance External Link and follow the steps provided where applicable.

 In order to mitigate these vulnerabilities, it is possible that the performance of some systems may be impacted, however the effects will be dependent on the systems, the patch, the tasks they are used for and their implementation. Where concerns about these impacts arise, CERT NZ recommend referring to the product vendor for advice and practise standard testing and due diligence before deploying patches. Regardless of potential performance impact, the security implications of not patching these vulnerabilities could be severe, and CERT NZ strongly recommends undertaking all appropriate mitigations.

 Many vendors have released updates, and others are underway. US CERT is maintaining a list of vendor responses to these vulnerabilities, which can be found at https://www.us-cert.gov/ncas/alerts/TA18-004A External Link .