Speculative Store ByPass (CVE-2018-3639, CVE-2018-3640) impact on Dell products

Dell is investigating the side-channel vulnerabilities known as Speculative Store Bypass (CVE-2018-3639) and Rogue System Register Read (CVE-2018-3640) affecting many modern microprocessors used in Dell products. For more information, please review the security updates posted by Intel. We are working with Intel and others in the industry to address these issues.

Depending on the affected product, mitigations may include updates to firmware, system software and certain software components. Dell recommends adherence to industry standard security best practices including but not limited to timely software updates, avoiding unknown hyperlinks, websites and files or applications from unknown sources, using up-to-date anti-virus and other advanced threat protection solutions.

Note: You can change the language on many of the web page(s), once you are on their site.

For more information on affected products and next steps, please refer to the following resources which will be updated regularly as new information becomes available. The following links will direct you to the support pages for specific Dell Technologies products:

• Dell PCs and Thin Client products
• Dell EMC PowerEdge Servers, Dell Storage (SC Series, PS Series and Powervault MD Series) and Dell EMC Networking products
• Dell EMC Storage, Data Protection and Converged Infrastructure products (log in required to access the content)
• RSA products (log in required to access the content)
• VMware products

References

• Intel Security Advisory INTEL-SA-00115
• Microsoft Security Research and Defense blog
• Google Project Zero Blog
• AMD

While related to the Spectre-Meltdown vulnerabilities disclosed in January, a new set of microcode and operating system updates are required to mitigate these newly discovered vulnerabilities.