• Edit 1 (2018-01-05): Add FreeBSD
  • Edit 2 (2018-01-06): add several links, official info from Apple
  • Edit 3 (2018-01-08): Web browser section, new link, AV, tools
  • Edit 4 (2018-01-09): AlienVault,iOS, PoC
  • Edit 5 (2018-01-15): Add flog to chrome, PoC

Summary

Introduction

As usual there are two (not so ?) new security flaws. But this time it is related to the hardware and more specifically to the processor by 3 different vendors (AMD, ARM and Intel).

So here is a synthesis of every information I have collected on the Net. Thanks to all people who reported and/or provided links/information/tools/PoC.

CVE references

Communication from researchers

Communication from vendors (hardware, software, hoster, cloud based solution)

Analysis, demos, resources, mitigations, PoC, recommendations, tools

My obvious recommendations are to patch ASAP, but as we know it is not so obvious. Maybe you can start by patching web browser and apply correct settings, there will be some exploit in the wild in a couple of hours/days. Another important information is the relationship between Anti-Virus and windows patches, there are some recommendations about this on the MS website

Web browser information

Patch issues

  • AMD CPUs and MS Patch issue
  • About performance and PCID

Sources of information