Tuesday, January 16, 2018

ICS-CERT Updates Meltdown Alert

Today the DHS ICS-CERT updated their Meltdown/Spectre alert that was originally published on January 11th. The new information includes links to the following additional vendor reports on the CPU vulnerabilities:

Philips; and

Additionally (and not specifically noted in this update), Becton, Dickinson, and Company have published a new security bulletin since the original ICS-CERT alert mentioned their initial report.


Unfortunately, while providing links to the appropriate documents, ICS-CERT has not addressed the issue seen by a number of vendors, the Microsoft update may not be compatible with all control systems. That, plus the fact that Microsoft has decided to not allow the update to take effect on systems without an updated antivirus registry key, means that system owners need to pay real close attention to the final word from their vendors. Unfortunately, the information linked to in this update is mainly preliminary; most of the listed vendors are still looking at the compatibility issues.

Of course, it could be worse. We are still waiting for the initial ICS-CERT alert on the KRACK vulnerability.

No comments:

/* Use this with templates/template-twocol.html */