{"id":13547,"date":"2018-01-10T15:46:08","date_gmt":"2018-01-10T15:46:08","guid":{"rendered":"https:\/\/www.dfi.ch\/important-flash-news-2\/"},"modified":"2022-09-01T13:56:18","modified_gmt":"2022-09-01T13:56:18","slug":"important-flash-news-2","status":"publish","type":"post","link":"https:\/\/www.cheops-technology.ch\/en\/important-flash-news-2\/","title":{"rendered":"Important Flash news"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"13547\" class=\"elementor elementor-13547 elementor-3682\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ce413b8 ot-traditional elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ce413b8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7b54b8d1 ot-flex-column-vertical\" data-id=\"7b54b8d1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-39175bea elementor-widget elementor-widget-text-editor\" data-id=\"39175bea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p> <\/p><h4>Critical vulnerabilities in AMD, ARM and Intel processors<\/h4><p>The beginning of this year has been marked by the discovery of two highly critical vulnerabilities in the processor architecture of three vendors, AMD, ARM and Intel.<\/p><p> <\/p><h4>WHICH SYSTEMS ARE AFFECTED?<\/h4><p>These flaws are present in almost all IT equipment (PCs, laptops, servers, clouds, smartphones, etc.) from the main vendors, such as Microsoft, Apple and Samsung. The impacted processors concern the most recent processors of the above-mentioned brands but also processors dating back to 1995. The attack surface is therefore very large for malicious actors and represents a great opportunity for them.<\/p><p> <\/p><h4>WHAT ARE THE RISKS?<\/h4><p>The flaws in question have been named Meltdown and Spectre. These two hardwares flaws could allow an attacker to retrieve sensitive information that is not supposed to be accessible by the user environment such as passwords from your browser or password manager.<\/p><p> <\/p><h4>HOW TO REACT TO THIS ATTACK ?<\/h4><p>DFi is in the process of applying the various patches in order not to expose its customers and its entire infrastructure to malicious actions. Even if the public attacks available to date are still limited, it is also essential that each customer updates the operating systems of their virtual servers with the patches which follow in the appendix. These will be automatically applied for customers who have delegated the management of the operating system to DFi.<\/p><p> <\/p><p><strong>In addition, the customers of DFi&#8217;s <a href=\"https:\/\/www.swiss-itsecurity.com\/security-operation-center-soc.html\" target=\"_blank\" rel=\"noopener noreferrer\">Security Operations Center (SOC)<\/a> benefit from a proactive detection of attempts to exploit these flaws as well as an appropriate response enabling the threat to be quickly contained.<\/strong><\/p><p><strong>DFi encourages you to always keep your machines and software up to date in order to reduce the attack vectors.<\/strong> Indeed, the majority of attacks to date use vulnerabilities that are several years old, hence the need to apply patches as soon as they are published.<\/p><h4>SECURITY FLAW REFERENCES:<\/h4><p>For more information refer to the following CVEs:<\/p><ul><li>CVE-2017-5715<\/li><li>CVE-2017-5753<\/li><li>CVE-2017-5754<\/li><\/ul><p><a href=\"https:\/\/meltdownattack.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/meltdownattack.com<br><\/a><a href=\"https:\/\/spectreattack.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/spectreattack.com<\/a><\/p><p> <\/p><h4>APPENDIX OF EXISTING PATCHES TO DATE :<\/h4><p><strong>For Microsoft Windows :<\/strong><\/p><ul><li>Microsoft Windows 7 : KB4056897<\/li><li>Microsoft Windows 8.1 : KB4056898<\/li><li>Microsoft Windows 10 : KB4056892<\/li><li>Microsoft Windows Server 2008 R2 : KB4056897<\/li><li>Microsoft Windows Server 2012 R2 : KB4056898<\/li><li>Microsoft Windows Server 2016 : KB4056890<\/li><li>Microsoft Windows Server Core version 1709 : KB4056892<\/li><\/ul><p><strong>For MacOS :<\/strong><\/p><ul><li>A patch has been released in MacOS 10.13.2<\/li><\/ul><p><strong>For Linux :<\/strong><\/p><ul><li>CentOS 7 : 3.10.0-693.11.6<\/li><li>Other GNU\/Linux distributions: update to the latest kernel version<\/li><\/ul><p>It is also necessary to update your <strong>internet browser<\/strong> to the following versions<\/p><ul><li>Mozilla Firefox : version 57<\/li><li>Google Chrome : version 64<\/li><li>Microsoft Edge via KB4056890<\/li><\/ul><p><strong>Let&#8217;s stay vigilant together.<\/strong><\/p><p><strong>Security Operations Center \u2013 DFi Service SA <\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The beginning of this year has been marked by the discovery of two highly critical vulnerabilities in the processor architecture of three vendors, AMD, ARM and Intel.<\/p>\n","protected":false},"author":1,"featured_media":11054,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[96],"tags":[],"class_list":["post-13547","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en-2"],"_links":{"self":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts\/13547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/comments?post=13547"}],"version-history":[{"count":2,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts\/13547\/revisions"}],"predecessor-version":[{"id":13553,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/posts\/13547\/revisions\/13553"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/media\/11054"}],"wp:attachment":[{"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/media?parent=13547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/categories?post=13547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cheops-technology.ch\/en\/wp-json\/wp\/v2\/tags?post=13547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}