Today the DHS ICS-CERT updated their Meltdown/Spectre alert
that was originally
published on January 11th. The new information includes links to
the following additional vendor reports on the CPU vulnerabilities:
Philips; and
Additionally (and not specifically noted in this update),
Becton, Dickinson, and Company have published a
new security bulletin since the original ICS-CERT alert mentioned their
initial report.
Commentary
Unfortunately, while providing links to the appropriate
documents, ICS-CERT has not addressed the issue seen by a
number of vendors, the Microsoft update may not be compatible with all
control systems. That, plus the fact that Microsoft has decided to not allow
the update to take effect on systems without an updated antivirus registry key,
means that system owners need to pay real close attention to the final word
from their vendors. Unfortunately, the information linked to in this update is
mainly preliminary; most of the listed vendors are still looking at the
compatibility issues.
Of course, it could be worse. We are still waiting for the
initial ICS-CERT alert on the KRACK vulnerability.
Posts
No comments:
Post a Comment