IGEL Furthers Product Security with Meltdown and Spectre Fix
IGEL has acted quickly in response to the recently disclosed Meltdown and Spectre vulnerabilities with fixes released today.
As background, Meltdown and Spectre affect computer processors, with Meltdown (CVE-2017-5754, critical) affecting Intel CPUs only, and Spectre (CVE-2017-5753 and CVE-2017-5715, high) affecting processors from Intel, AMD and ARM. These vulnerabilities may allow software to read information from other programs and the operating system that they shouldn’t be able to access, for example passwords.
Today IGEL releases fixed firmware images and updates. IGEL strongly recommends updating your devices to these. Note: Any information provided does not release the customer from their obligation to test system modifications in advance. New firmware must always be tested in advance.
The following fixed versions are available for download at http://ift.tt/2DouTYh
- Partial Update for WES7 and WES7+ with fixes for Meltdown and Spectre (CVE-2017-5754, CVE-2017-5715, CVE-2017-5753) and mitigations for Internet Explorer
- Windows 10 IoT Enterprise Private Build 4.01.140 with fixes for Meltdown and Spectre (CVE-2017-5754, CVE-2017-5715, CVE-2017-5753) and mitigations for Internet Explorer
- IGEL OS 10 Private Build 10.03.550 with fixes for Meltdown (CVE-2017-5754) and Spectre version 2 (CVE-2017-5715), Firefox ESR 52.5 is not affected
- LX (for UD-LX devices)
- OS (for UDC3-converted devices and UD Pocket)
The IGEL OS 10 Private Build 10.03.550 has been successfully tested on all IGEL UD-LX devices:
- IZ2-RFX, IZ2-HDX, IZ2-HORIZON
- IZ3-RFX, IZ3-HDX, IZ3-HORIZON
- UD2-LX 40
- UD3-LX 50, UD3-LX 42, UD3-LX 41, UD3-LX 40
- UD5-LX 50, UD5-LX 40
- UD6-LX 51
- UD9-LX Touch 41, UD9-LX 40
- UD10-LX Touch 10, UD10-LX 10
… and on the following 3rd-party devices:
- Acer Veriton
- Advantech-DLoG DLT-V6210
- Advantech-DLoG DLT-V7210 R
- Dell Wyse D10DP
- Dell Wyse D50D
- Dell Wyse Z90Q7
- Lenovo Tiny M600
- Fujitsu Futro X913
- Fujitsu Futro X923
- Lenovo M600
- Toshiba Portege X20W-D-11N
Information about IGEL Linux 5:
Currently, there is no fix for IGEL Linux 5, as the Linux Kernel developers have not integrated measures against Meltdown into the 32-bit version of the kernel. This affects IGEL Linux 5 and all other 32-bit Linux systems on the market. Currently there is no Meltdown fix in the 32-bit mainline Linux Kernel, but it may become available later. In the meantime, protection from the vulnerabilities can be provided via microcode updates from the processor vendors. IGEL will integrate these as soon as they become available.
Further Windows Information:
Windows devices will also need microcode updates for a complete fix of Spectre. IGEL will deliver these as soon as they become available.
It is our commitment to deliver the most resilient and secure endpoint management solutions possible. We will continue to pursue every avenue to deliver on this commitment so that our customers can be assured every protection for their IGEL-enabled end user computing devices. If you have any questions about these vulnerability fixes, please contact IGEL support here: http://ift.tt/2CUUneU.
The post IGEL Furthers Product Security with Meltdown and Spectre Fix appeared first on IGEL.
from english – IGEL