Retina Customer Alert: Intel, AMD and ARM Chipset Vulnerability (Spectre and Meltdown)

As you have likely heard by now, the kernel-memory-leaking processor vulnerability (Spectre and Meltdown) extends beyond the Intel chipset; it is now known to affect AMD and ARM chipsets as well supporting Windows, Unix, Linux and MacOS. The massive scope of this vulnerability has led to some OS vendors to release emergency patches in order to mitigate this vulnerability.
For customers, BeyondTrust has added the following detection in Retina’s audit release 3365 based on the latest patches currently available.
Updated: 1/24/2018
67245 Microsoft Security Update for SQL Server - Jan 2018 - 4057118 2016 GDR
67246 Microsoft Security Update for Windows - Jan 2018 - Mitigation
67247 Microsoft Security Update for SQL Server - Jan 2018 - 4058561 2016 CU7
67248 Microsoft Security Update for SQL Server - Jan 2018 - 4057122 2017 GDR
67249 Microsoft Security Update for SQL Server - Jan 2018 - 4058562 2017 CU3
67107 Microsoft Security Update for Windows 10 - Jan 2018
67108 Microsoft Security Update for Windows - Jan 2018 - 7 / 2008R2
67109 Microsoft Security Update for Windows - Jan 2018 - 8.1 / 2012R2
67110 Microsoft Security Update for Windows - Jan 2018 - 2012
67111 Microsoft Cumulative Security Update for Internet Explorer - Jan 2018
67396 ASA-201801-10 : intel-ucode
67392 ASA-201801-6 : linux-lts
67390 ASA-201801-4 : linux-hardened
67389 ASA-201801-3 : linux-zen
67387 ASA-201801-1 : linux
67095 RHSA-2018:0007 - kernel security update
67096 RHSA-2018:0008 - kernel security update
67097 RHSA-2018:0009 - kernel security update
67098 RHSA-2018:0010 - kernel security update
67099 RHSA-2018:0011 - kernel security update
67100 RHSA-2018:0012 - microcode_ctl security update
67101 RHSA-2018:0013 - microcode_ctl security update
67115 RHSA-2018:0016 - kernel-rt security update
67116 RHSA-2018:0017 - kernel security update
67117 RHSA-2018:0018 - kernel security update
67118 RHSA-2018:0020 - kernel security update
67119 RHSA-2018:0022 - kernel security update
67120 RHSA-2018:0023 - qemu-kvm security update
67121 RHSA-2018:0024 - qemu-kvm security update
67122 RHSA-2018:0025 - qemu-kvm-rhev security update
67123 RHSA-2018:0026 - qemu-kvm security update
67124 RHSA-2018:0027 - qemu-kvm security update
67125 RHSA-2018:0028 - qemu-kvm-rhev security update
67126 RHSA-2018:0029 - libvirt security update
67127 RHSA-2018:0030 - libvirt security update
67128 RHSA-2018:0031 - libvirt security update
67129 RHSA-2018:0032 - libvirt security update
67130 RHSA-2018:0034 - microcode_ctl security update
67131 RHSA-2018:0035 - microcode_ctl security update
67132 RHSA-2018:0036 - microcode_ctl security update
67133 RHSA-2018:0037 - microcode_ctl security update
67134 RHSA-2018:0038 - microcode_ctl security update
67135 RHSA-2018:0039 - microcode_ctl security update
67136 RHSA-2018:0014 - linux-firmware security update
67137 RHSA-2018:0015 - linux-firmware security update
67154 RHSA-2018:0044 - redhat-virtualization-host security update
67155 RHSA-2018:0045 - rhvm-appliance security update
67156 RHSA-2018:0047 - redhat-virtualization-host security update
67157 RHSA-2018:0053 - linux-firmware security update
67158 RHSA-2018:0054 - qemu-kvm-rhev security and bug fix update
67159 RHSA-2018:0055 - qemu-kvm-rhev security and bug fix update
67160 RHSA-2018:0056 - qemu-kvm-rhev security update
67161 RHSA-2018:0057 - qemu-kvm-rhev security update
67162 RHSA-2018:0058 - qemu-kvm-rhev security update
67163 RHSA-2018:0059 - qemu-kvm-rhev security update
67164 RHSA-2018:0060 - qemu-kvm-rhev security update
67165 RHSA-2018:0040 - microcode_ctl security update
67424 RHSA-2018:0094 - linux-firmware security update
67423 RHSA-2018:0093 - microcode_ctl security update
67520 RHSA-2018:0104 - qemu-kvm security update
67522 RHSA-2018:0106 - qemu-kvm security update
67528 RHSA-2018:0112 - libvirt security update
67525 RHSA-2018:0109 - libvirt security update
67524 RHSA-2018:0108 - libvirt security update
67526 RHSA-2018:0110 - libvirt security update
67523 RHSA-2018:0107 - qemu-kvm security update
67521 RHSA-2018:0105 - qemu-kvm security update
67519 RHSA-2018:0103 - qemu-kvm security update
67527 RHSA-2018:0111 - libvirt security update
67103 SUSE-SU-2018:0008-1 - Security update for kernel-firmware
67104 SUSE-SU-2018:0007-1 - Security update for qemu
67105 SUSE-SU-2018:0006-1 - Security update for ucode-intel
67225 USN-3516-1: Firefox vulnerabilities
67386 USN-3531-1: Intel Microcode update
67550 USN-3541-2: Linux kernel (HWE) vulnerabilities
67546 USN-3540-1: Linux kernel vulnerabilities
67547 USN-3541-1: Linux kernel vulnerabilities
67548 USN-3542-1: Linux kernel vulnerabilities
67549 USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities
67546 USN-3540-1: Linux kernel vulnerabilities
67547 USN-3541-1: Linux kernel vulnerabilities
67533 USN-3531-2: Intel Microcode regression
67091 - Apple macOS < 10.13.2 - Multiple Vulnerabilities (HT208331) - 10.13
67093 - Apple macOS < 10.13.2 - Multiple Vulnerabilities (HT208331) - 10.12
67094 - Apple macOS < 10.13.2 - Multiple Vulnerabilities (HT208331) - 10.11
67552 Apple macOS < 10.13.3 - Multiple Vulnerabilities (HT208465) - 10.12
67553 Apple macOS < 10.13.3 - Multiple Vulnerabilities (HT208465) - 10.11
67551 Apple macOS < 10.13.3 - Multiple Vulnerabilities (HT208465) - 10.13
67236 Apple Safari - Multiple Vulnerabilities (HT207403) "Spectre"
67237 Apple iOS < 11.2.2 - Multiple Vulnerabilities (HT208401)
67277 USN-3521-1: NVIDIA graphics drivers vulnerability
67317 DSA-4082-1 linux
67112 CESA-2018:0014 - linux-firmware Security Update
67113 CESA-2018:0012 - microcode_ctl Security Update
67114 CESA-2018:0007 - kernel Security Update
67149 CESA-2018:0023 - qemu-kvm Security Update
67150 CESA-2018:0029 - libvirt Security Update
67151 CESA-2018:0030 - libvirt Security Update
67152 CESA-2018:0008 - kernel Security Update
67153 CESA-2018:0013 - microcode_ctl Security Update
67365 ELSA-2018-0024 - qemu-kvm
67364 ELSA-2018-0023 - qemu-kvm
67363 ELSA-2018-0030: libvirt
67362 ELSA-2018-0029: libvirt
67361 ELSA-2018-0012: microcode_ctl
67360 ELSA-2018-0007: kernel
67359 ELSA-2018-0013: microcode_ctl
67358 ELSA-2018-0008: kernel
67357 OVMSA-2018-0004: qemu-kvm
67356 OVMSA-2018-0003: microcode_ctl
67355 ALAS-2018-939: kernel
67354 VMSA-2018-0004: Speculative Execution - Workstation Windows
67353 VMSA-2018-0004: Speculative Execution - Workstation Linux
67352 VMSA-2018-0004: Speculative Execution - Fusion
67351 VMSA-2018-0004: Speculative Execution - vCenter 5.5
67350 VMSA-2018-0004: Speculative Execution - vCenter 6.0
67349 VMSA-2018-0004: Speculative Execution - vCenter 6.5
67348 VMSA-2018-0004: Speculative Execution - ESXi 5.5
67347 VMSA-2018-0004: Speculative Execution - ESXi 6.0
67346 VMSA-2018-0004: Speculative Execution - ESXi 6.5
67371 VMSA-2018-0002.1: Speculative Execution - Fusion
67370 VMSA-2018-0002.1: Speculative Execution - Workstation Linux
67369 VMSA-2018-0002.1: Speculative Execution - Workstation Windows
67368 VMSA-2018-0002.1: Speculative Execution - ESXi 5.5
67367 VMSA-2018-0002.1: Speculative Execution - ESXi 6.0
67366 VMSA-2018-0002.1: Speculative Execution - ESXi 6.5
67381 - Citrix XenServer - Multiple Vulnerabilities (CTX231390)
67440 Oracle VM VirtualBox: Oracle CPU Jan 2018 - Linux
67439 Oracle VM VirtualBox: Oracle CPU Jan 2018 - macOS
67438 Oracle VM VirtualBox: Oracle CPU Jan 2018 - Windows
67436 SSA:2018-016-01: kernel - 'Spectre' and 'Meltdown'
67436 SSA:2018-016-01: kernel - 'Spectre' and 'Meltdown'
67516 SSA:2017-020-01: mozilla-firefox - Multiple Vulnerabilities
67090 - Intel SA-000088: Speculative Execution Vulnerability – Windows*
67092 - Intel SA-000088: Speculative Execution Vulnerability - UNIX\Linux*
67557 - Intel SA-000088: Speculative Execution Vulnerability - Mac OS X*
* These are informational checks that use either WMI or SSH to determine the processor model. If the model is affected, then the audit will flag. Note that we cannot check to see if the microcode has been patched in firmware, so these audits are informational only and should be used to help prioritize OS level patching.
BeyondTrust will continue to add more audits as additional patches become available. Watch here for more details. If you have any questions in the meantime, please contact customer support.

