As you may be aware, on January 3, 2018 Google identified two vulnerabilities known as “Meltdown” and “Spectre” that affect the microprocessors running in virtually all modern computing devices. In light of the situation, Blair Technology Solutions would like to provide the following update to help you understand the situation, mitigate the risks and ensure your data is protected. We will continue to monitor the situation and provide additional updates as new information becomes available.
Current Situation
- A processor (CPU) architectural design vulnerability can potentially allow access to secure system-level information
- Affects most processor chips going back to the late 1990s, including IBM Power
- Operating systems affected: Intel (Windows/VMware), Linux, AIX, IBM i
- Current resolutions are a combination of OS patches and system firmware updates
Potential Client Impact
- Additional security threats
- Outage requirements to enable patching
- Performance impact of firmware and OS patches
- Unknown exposure of older, out-of-support hardware systems and operating systems
Recommended Actions
The most immediate action should be to prevent the execution of unauthorized software on any system that handles sensitive data, including adjacent virtual machines within your environment.
The next step is to review the operating system kernel and firmware patches that the manufacturers have made available for your systems. Evaluate these patches in the context of your datacenter environment and standard evaluation practices to determine whether they should be applied. Please note that early indications suggest some performance degradation from the patches, so testing will be important.
Specifically, for IBM Power clients, complete mitigation of these vulnerabilities on Power Systems involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation and is a prerequisite for the OS patch to be effective. These will be available as follows:
- Firmware patches for POWER7+, POWER8, and POWER9 platforms are now available via FixCentral. POWER7 patches will be available beginning February 7.
- Linux operating system patches are now available through our Linux distribution partners Red Hat, SUSE and Canonical.
- IBM i operating system patches are now available via FixCentral and will continue to be rolled out through February 12.
- AIX patches will be available beginning January 26 and will continue to be rolled out through February 12.
Although the exact business impact of the two threats (including security and performance) remains unknown, Blair is taking a proactive approach. We are working closely with IBM and other industry partners to provide best practices and recommendations as quickly as possible to protect our clients from these and other known vulnerabilities.
If you have any concerns about your environment or require any additional information, please contact us to schedule a session.