Meltdown and Spectre Vulnerabilities

Dell is aware of the side-channel analysis vulnerabilities described in CVEs 2017-5715, 2017-5753 and 2017-5754, known as Meltdown and Spectre affecting many modern microprocessors. For more information, please visit security updates posted by Intel and AMD.

Here is an overview of the issue:
  • The issue is not specific to any one vendor and takes advantage of techniques commonly used in most of the modern processor architectures. This means that a large range of products are affected from desktops and laptops to servers and storage, even smartphones.
  • Mitigations include updates to both system software (Operating System (OS) patch) and firmware (BIOS, microcode updates). In some environments this may include hypervisor patches, patches to virtualization software, browsers and JavaScript engines.
  • Good security hygiene should continue to be used. This includes ensuring devices are updated with the latest patches, employing anti-virus updates and advanced threat protection solutions.  
  • As Intel reported in their FAQ, researchers demonstrated a proof of concept. That said, Dell is not aware of any exploits to date.

Patch Guidance (updated March 20, 2018)

There are two essential components that need to be applied to mitigate the above mentioned vulnerabilities:

1) Apply the firmware update via BIOS update.
2) Apply the applicable operating system (OS) patch.

What does this mean for you?

For more information on affected platforms and next steps to apply the updates, please refer to the following resources. They will be updated regularly as new information becomes available. Dell is testing all firmware updates before deploying them to ensure minimal impact to customers.

Dell PCs and Thin Client
Dell EMC Server, Dell Storage and Networking products
Dell EMC Storage, Data Protection and Converged Platforms (log in required to access the content)
RSA products (log in required to access the content)
Dell EMC Converged Platforms (vBlock) (log in required to access the content)
VMware products
Pivotal products

Dell is deploying the OS patches and firmware updates within our own IT infrastructure in line with best security practices.

Additional resources:

Microprocessor manufacturers Operating Systems for Dell PCs and Thin Client Operating Systems for Dell EMC Server, Dell Storage and Networking product