Retina Customer Alert: Intel, AMD and ARM Chipset Vulnerability (Spectre and Meltdown)

As you have likely heard by now, the kernel-memory-leaking processor vulnerability (Spectre and Meltdown) extends beyond the Intel chipset; it is now known to affect AMD and ARM chipsets as well supporting Windows, Unix, Linux and MacOS. The massive scope of this vulnerability has led to some OS vendors to release emergency patches in order to mitigate this vulnerability.

For customers, BeyondTrust has added the following detection in Retina’s audit release 3365 based on the latest patches currently available.

Updated: 1/24/2018

• 67245 Microsoft Security Update for SQL Server - Jan 2018 - 4057118 2016 GDR
• 67246 Microsoft Security Update for Windows - Jan 2018 - Mitigation
• 67247 Microsoft Security Update for SQL Server - Jan 2018 - 4058561 2016 CU7
• 67248 Microsoft Security Update for SQL Server - Jan 2018 - 4057122 2017 GDR
• 67249 Microsoft Security Update for SQL Server - Jan 2018 - 4058562 2017 CU3
• 67107 Microsoft Security Update for Windows 10 - Jan 2018
• 67108 Microsoft Security Update for Windows - Jan 2018 - 7 / 2008R2
• 67109 Microsoft Security Update for Windows - Jan 2018 - 8.1 / 2012R2
• 67110 Microsoft Security Update for Windows - Jan 2018 - 2012
• 67111 Microsoft Cumulative Security Update for Internet Explorer - Jan 2018
• 67396 ASA-201801-10 : intel-ucode
• 67392 ASA-201801-6 : linux-lts
• 67390 ASA-201801-4 : linux-hardened
• 67389 ASA-201801-3 : linux-zen
• 67387 ASA-201801-1 : linux
• 67095 RHSA-2018:0007 - kernel security update
• 67096 RHSA-2018:0008 - kernel security update
• 67097 RHSA-2018:0009 - kernel security update
• 67098 RHSA-2018:0010 - kernel security update
• 67099 RHSA-2018:0011 - kernel security update
• 67100 RHSA-2018:0012 - microcode_ctl security update
• 67101 RHSA-2018:0013 - microcode_ctl security update
• 67115 RHSA-2018:0016 - kernel-rt security update
• 67116 RHSA-2018:0017 - kernel security update
• 67117 RHSA-2018:0018 - kernel security update
• 67118 RHSA-2018:0020 - kernel security update
• 67119 RHSA-2018:0022 - kernel security update
• 67120 RHSA-2018:0023 - qemu-kvm security update
• 67121 RHSA-2018:0024 - qemu-kvm security update
• 67122 RHSA-2018:0025 - qemu-kvm-rhev security update
• 67123 RHSA-2018:0026 - qemu-kvm security update
• 67124 RHSA-2018:0027 - qemu-kvm security update
• 67125 RHSA-2018:0028 - qemu-kvm-rhev security update
• 67126 RHSA-2018:0029 - libvirt security update
• 67127 RHSA-2018:0030 - libvirt security update
• 67128 RHSA-2018:0031 - libvirt security update
• 67129 RHSA-2018:0032 - libvirt security update
• 67130 RHSA-2018:0034 - microcode_ctl security update
• 67131 RHSA-2018:0035 - microcode_ctl security update
• 67132 RHSA-2018:0036 - microcode_ctl security update
• 67133 RHSA-2018:0037 - microcode_ctl security update
• 67134 RHSA-2018:0038 - microcode_ctl security update
• 67135 RHSA-2018:0039 - microcode_ctl security update
• 67136 RHSA-2018:0014 - linux-firmware security update
• 67137 RHSA-2018:0015 - linux-firmware security update
• 67154 RHSA-2018:0044 - redhat-virtualization-host security update
• 67155 RHSA-2018:0045 - rhvm-appliance security update
• 67156 RHSA-2018:0047 - redhat-virtualization-host security update
• 67157 RHSA-2018:0053 - linux-firmware security update
• 67158 RHSA-2018:0054 - qemu-kvm-rhev security and bug fix update
• 67159 RHSA-2018:0055 - qemu-kvm-rhev security and bug fix update
• 67160 RHSA-2018:0056 - qemu-kvm-rhev security update
• 67161 RHSA-2018:0057 - qemu-kvm-rhev security update
• 67162 RHSA-2018:0058 - qemu-kvm-rhev security update
• 67163 RHSA-2018:0059 - qemu-kvm-rhev security update
• 67164 RHSA-2018:0060 - qemu-kvm-rhev security update
• 67165 RHSA-2018:0040 - microcode_ctl security update
• 67424 RHSA-2018:0094 - linux-firmware security update
• 67423 RHSA-2018:0093 - microcode_ctl security update
• 67520 RHSA-2018:0104 - qemu-kvm security update
• 67522 RHSA-2018:0106 - qemu-kvm security update
• 67528 RHSA-2018:0112 - libvirt security update
• 67525 RHSA-2018:0109 - libvirt security update
• 67524 RHSA-2018:0108 - libvirt security update
• 67526 RHSA-2018:0110 - libvirt security update
• 67523 RHSA-2018:0107 - qemu-kvm security update
• 67521 RHSA-2018:0105 - qemu-kvm security update
• 67519 RHSA-2018:0103 - qemu-kvm security update
• 67527 RHSA-2018:0111 - libvirt security update
• 67103 SUSE-SU-2018:0008-1 - Security update for kernel-firmware
• 67104 SUSE-SU-2018:0007-1 - Security update for qemu
• 67105 SUSE-SU-2018:0006-1 - Security update for ucode-intel
• 67225 USN-3516-1: Firefox vulnerabilities
• 67386 USN-3531-1: Intel Microcode update
• 67550 USN-3541-2: Linux kernel (HWE) vulnerabilities
• 67546 USN-3540-1: Linux kernel vulnerabilities
• 67547 USN-3541-1: Linux kernel vulnerabilities
• 67548 USN-3542-1: Linux kernel vulnerabilities
• 67549 USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities
• 67546 USN-3540-1: Linux kernel vulnerabilities
• 67547 USN-3541-1: Linux kernel vulnerabilities
• 67533 USN-3531-2: Intel Microcode regression
• 67091 - Apple macOS < 10.13.2 - Multiple Vulnerabilities (HT208331) - 10.13
• 67093 - Apple macOS < 10.13.2 - Multiple Vulnerabilities (HT208331) - 10.12
• 67094 - Apple macOS < 10.13.2 - Multiple Vulnerabilities (HT208331) - 10.11
• 67552 Apple macOS < 10.13.3 - Multiple Vulnerabilities (HT208465) - 10.12
• 67553 Apple macOS < 10.13.3 - Multiple Vulnerabilities (HT208465) - 10.11
• 67551 Apple macOS < 10.13.3 - Multiple Vulnerabilities (HT208465) - 10.13
• 67236 Apple Safari - Multiple Vulnerabilities (HT207403) "Spectre"
• 67237 Apple iOS < 11.2.2 - Multiple Vulnerabilities (HT208401)
• 67277 USN-3521-1: NVIDIA graphics drivers vulnerability
• 67317 DSA-4082-1 linux
• 67112 CESA-2018:0014 - linux-firmware Security Update
• 67113 CESA-2018:0012 - microcode_ctl Security Update
• 67114 CESA-2018:0007 - kernel Security Update
• 67149 CESA-2018:0023 - qemu-kvm Security Update
• 67150 CESA-2018:0029 - libvirt Security Update
• 67151 CESA-2018:0030 - libvirt Security Update
• 67152 CESA-2018:0008 - kernel Security Update
• 67153 CESA-2018:0013 - microcode_ctl Security Update
• 67365 ELSA-2018-0024 - qemu-kvm
• 67364 ELSA-2018-0023 - qemu-kvm
• 67363 ELSA-2018-0030: libvirt
• 67362 ELSA-2018-0029: libvirt
• 67361 ELSA-2018-0012: microcode_ctl
• 67360 ELSA-2018-0007: kernel
• 67359 ELSA-2018-0013: microcode_ctl
• 67358 ELSA-2018-0008: kernel
• 67357 OVMSA-2018-0004: qemu-kvm
• 67356 OVMSA-2018-0003: microcode_ctl
• 67355 ALAS-2018-939: kernel
• 67354 VMSA-2018-0004: Speculative Execution - Workstation Windows
• 67353 VMSA-2018-0004: Speculative Execution - Workstation Linux
• 67352 VMSA-2018-0004: Speculative Execution - Fusion
• 67351 VMSA-2018-0004: Speculative Execution - vCenter 5.5
• 67350 VMSA-2018-0004: Speculative Execution - vCenter 6.0
• 67349 VMSA-2018-0004: Speculative Execution - vCenter 6.5
• 67348 VMSA-2018-0004: Speculative Execution - ESXi 5.5
• 67347 VMSA-2018-0004: Speculative Execution - ESXi 6.0
• 67346 VMSA-2018-0004: Speculative Execution - ESXi 6.5
• 67371 VMSA-2018-0002.1: Speculative Execution - Fusion
• 67370 VMSA-2018-0002.1: Speculative Execution - Workstation Linux
• 67369 VMSA-2018-0002.1: Speculative Execution - Workstation Windows
• 67368 VMSA-2018-0002.1: Speculative Execution - ESXi 5.5
• 67367 VMSA-2018-0002.1: Speculative Execution - ESXi 6.0
• 67366 VMSA-2018-0002.1: Speculative Execution - ESXi 6.5
• 67381 - Citrix XenServer - Multiple Vulnerabilities (CTX231390)
• 67440 Oracle VM VirtualBox: Oracle CPU Jan 2018 - Linux
• 67439 Oracle VM VirtualBox: Oracle CPU Jan 2018 - macOS
• 67438 Oracle VM VirtualBox: Oracle CPU Jan 2018 - Windows
• 67436 SSA:2018-016-01: kernel - 'Spectre' and 'Meltdown'
• 67436 SSA:2018-016-01: kernel - 'Spectre' and 'Meltdown'
• 67516 SSA:2017-020-01: mozilla-firefox - Multiple Vulnerabilities
• 67090 - Intel SA-000088: Speculative Execution Vulnerability – Windows*
• 67092 - Intel SA-000088: Speculative Execution Vulnerability - UNIX\Linux*
• 67557 - Intel SA-000088: Speculative Execution Vulnerability - Mac OS X*

* These are informational checks that use either WMI or SSH to determine the processor model. If the model is affected, then the audit will flag. Note that we cannot check to see if the microcode has been patched in firmware, so these audits are informational only and should be used to help prioritize OS level patching.

BeyondTrust will continue to add more audits as additional patches become available. Watch here for more details. If you have any questions in the meantime, please contact customer support.