Intel Processor L1TF vulnerabilities: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

JChua7 · ‎08-15-2018

Hi, How do we go about this fix for the servers. We are using Win2003 standard, Win2003 R2 and Win2008 standard 64 bit. Is there a utility tools to run and check that are in the vulnerability ?

Patching the wrong firmware will be disaster.

Best regards,

idata · ‎08-15-2018

Hi Bombshell,

You will need to check with the manufacturer of your systems to obtain a BIOS update that includes the microcode versions that mitigate this issue. If your servers are from Intel (vs. Dell, HP etc.) then you can find information here: https://www.intel.com/content/www/us/en/support/articles/000028721/server-products.html https://www.intel.com/content/www/us/en/support/articles/000028721/server-products.html

You will also need to check with Microsoft to obtain the security patches for your servers.

There is not a super easy tool that can tell you if a system is vulnerable, but this page from Microsoft has details on using PowerShell to determine if a system is vulnerable: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution (this page also has information on mitigating side-channel vulnerabilities disclosed earlier this year)

You might also find this page useful: https://support.microsoft.com/en-us/help/4457951/windows-server-guidance-to-protect-against-l1-terminal-fault https://support.microsoft.com/en-us/help/4457951/windows-server-guidance-to-protect-against-l1-terminal-fault

Let us know if you have additional questions on this.