Delaware, USA – February 27, 2018 – Intel released new microcode updates to cope with vulnerability CVE-2017-5715 (Spectre Variant 2) for the Skylake, Kaby Lake and Coffee Lake processors, as well as for some other CPU lines. Updates for the other lines are still under development, for detailed information on the status of updates for various architectures, see guide by Intell.
It is worth noting that earlier this month, new variants of exploiting Meltdown and Spectre vulnerabilities were discovered. Researchers called them SpectrePrime and MeltdownPrime, as they are based on the use of the Prime+Probe attack, and allow adversaries to steal data from the memory of the attacked systems with the same accuracy as Spectre vulnerability. Researchers from the Nvidia company and Princeton University argue that only software updates can protect from such timing attacks.
While there is no information about the exploitation of these vulnerabilities in the wild, it is recommended to monitor the release of updates and install them on vulnerable systems as soon as possible. Specter & Meltdown Dashboard developed by Qualys can help you track remediation progress across your environment and SIEM use case Specter & Meltdown Tracker can enable your ArcSight, Splunk or QRadar to identify vulnerable assets.