Dell is aware of the side-channel analysis vulnerabilities described in CVEs 2017-5715, 2017-5753 and 2017-5754, known as Meltdown and Spectre affecting many modern microprocessors. For more information, please visit security updates posted by Intel
Here is an overview of the issue:
Patch Guidance (updated March 20, 2018)
- The issue is not specific to any one vendor and takes advantage of techniques commonly used in most of the modern processor architectures. This means that a large range of products are affected from desktops and laptops to servers and storage, even smartphones.
- Good security hygiene should continue to be used. This includes ensuring devices are updated with the latest patches, employing anti-virus updates and advanced threat protection solutions.
- As Intel reported in their FAQ, researchers demonstrated a proof of concept. That said, Dell is not aware of any exploits to date.
There are two essential components that need to be applied to mitigate the above mentioned vulnerabilities:
1) Apply the firmware update via BIOS update.
2) Apply the applicable operating system (OS) patch.
What does this mean for you?
For more information on affected platforms and next steps to apply the updates, please refer to the following resources. They will be updated regularly as new information becomes available. Dell is testing all firmware updates before deploying them to ensure minimal impact to customers.Dell PCs and Thin ClientDell EMC Server, Dell Storage and Networking productsDell EMC Storage, Data Protection and Converged Platforms
(log in required to access the content)RSA products
(log in required to access the content)Dell EMC Converged Platforms (vBlock)
(log in required to access the content)VMware productsPivotal products
Dell is deploying the OS patches and firmware updates within our own IT infrastructure in line with best security practices.Additional resources:Microprocessor manufacturers Operating Systems for Dell PCs and Thin Client Operating Systems for Dell EMC Server, Dell Storage and Networking product