Meltdown & Spectre: Windows Security Update KB4056892

If you are reading this, chances are that you already know about the current security flaw discovered in what has been coined “modern processor chips” that could allow hackers to access data such as passwords, encryption keys and other information you want kept private.

Microsoft has released an out-of-band emergency patch for Windows 10 which should be installed as soon as possible. If you have yet to receive the patch via Windows Update, you can manually install it by going to this Windows Update Catalog page.   You can also check for updates

*note* check with your IT department when in doubt.


Included in this update:

This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
  • Addresses issue where printing an Office Online document in Microsoft Edge fails.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
  • Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
  • Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
  • Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
  • Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.






Meltdown & Spectre Vulnerabilities

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. Malicious programs can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs, obtaining passwords, logon details and what was once thought to be secured information.

Meltdown and Spectre work on personal computers, mobile devices, and in the Cloud – AWS, Azure, and other 3rd party Cloud / IaaS Providers.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an un-patched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.


Vendor recommendations:

Information on the vulnerabilities:


Current known list of affected vendors and their respective advisories and/or patch announcements below

Vendor | Advisory/Announcement
Amazon (AWS) | AWS-2018-013: Processor Speculative Execution Research Disclosure
AMD | An Update on AMD Processor Security
Android (Google) | Android Security Bulletin—January 2018
Apple | HT208331: About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
Apple | HT208394: About speculative execution vulnerabilities in ARM-based and Intel CPUs
ARM | Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism
Azure (Microsoft) | Securing Azure customers from CPU vulnerability
Azure (Microsoft) | Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities
Chromium Project | Actions Required to Mitigate Speculative Side-Channel Attack Techniques
Cisco | cisco-sa-20180104-cpusidechannel – CPU Side-Channel Information Disclosure Vulnerabilities
Citrix | CTX231399: Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Debian | Debian Security Advisory DSA-4078-1 linux — security update
Dell | SLN308587 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products
Dell | SLN308588 – Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell EMC products (Dell Enterprise Servers, Storage and Networking)
F5 Networks | K91229003: Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
Google’s Project Zero | Reading Privileged Memory with a Side-Channel
Huawei | Security Notice – Statement on the Media Disclosure of the Security Vulnerabilities in the Intel CPU Architecture Design
IBM | Potential CPU Security Issue
Intel | INTEL-SA-00088 Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
Lenovo | Lenovo Security Advisory LEN-18282: Reading Privileged Memory with a Side Channel
Microsoft | Security Advisory 180002: Guidance to mitigate speculative execution side-channel vulnerabilities
Microsoft | Windows Client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
Microsoft | Windows Server guidance to protect against speculative execution side-channel vulnerabilities
Microsoft | SQL Server Guidance to protect against speculative execution side-channel vulnerabilities
Microsoft | Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software
Mozilla | Mozilla Foundation Security Advisory 2018-01: Speculative execution side-channel attack (“Spectre”)
NetApp | NTAP-20180104-0001: Processor Speculated Execution Vulnerabilities in NetApp Products
nVidia | Security Notice ID 4609: Speculative Side Channels
nVidia | Security Bulletin 4611: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels
nVidia | Security Bulletin 4613: NVIDIA Shield TV Security Updates for Speculative Side Channels
Raspberry Pi Foundation | Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
Red Hat | Kernel Side-Channel Attacks – CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
SUSE | SUSE Linux security updates CVE-2017-5715
SUSE | SUSE Linux security updates CVE-2017-5753
SUSE | SUSE Linux security updates CVE-2017-5754
Synology | Synology-SA-18:01 Meltdown and Spectre Attacks
Ubuntu | Ubuntu Updates for the Meltdown / Spectre Vulnerabilities
VMware | NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution
Xen | Advisory XSA-254: Information leak via side effects of speculative execution

How Meltdown and Spectre Impact VMware ESXi Guests

So the cat’s out of the bag and OS vendors have begun issuing patches to plug the latest in Security Vulnerabilities and Exposures made known to the public.

What are Meltdown and Spectre:

Meltdown and Spectre are exploits operating against computer architecture that’s been designed into Intel chips. They are capable of accessing the protected areas of memory to potentially decode and read information that should normally be protected, including information that may be considered sensitive data, such as passwords.

The vulnerability may also allow for the potential read of protected memory locations used by the device and applications (including browsers) that store information in the kernel memory, including potentially sensitive data.



But I thought OS vendors are releasing, and have released, patches for this?

For these patches to be fully functional in a guest OS, additional ESXi and vCenter Server updates will be required. These updates are being given the highest priority by VMware. Remember: sure, the virtual CPU will be protected; however, it sits on top of a hypervisor, which is its own OS.

What to do?

In the recent VMware Security Advisory, the specified patches should be applied for remediation. It’s strongly suggested that those using ESXi update as soon as possible.

VMware Patch Numbers for ESXi Versions:

ESXi 6.5 – ESXi650-201712101-SG
ESXi 6.0 – ESXi600-201711101-SG
ESXi 5.5 – ESXi550-201709101-SG

This 5.5 patch only addresses CVE-2017-5715, not CVE-2017-5753.



PSA: Don’t delay or skip patching your VMs just because you or your provider already patched the hypervisor. Otherwise you are still vulnerable to Meltdown & Spectre. If you cycle out your cloud instances periodically, make sure your machine images are patched.
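An added example (not from the original post or from VMware): a small audit that applies the patch list and the PSA above to a constructed inventory, flagging every VM whose hypervisor, guest OS or machine image is still unpatched. Host names, VM names and the inventory fields are hypothetical; only the bulletin IDs and the 5.5 caveat come from this page.

```python
# Required hypervisor bulletins, copied from the patch list on this page.
REQUIRED_BULLETIN = {
    "6.5": "ESXi650-201712101-SG",
    "6.0": "ESXi600-201711101-SG",
    "5.5": "ESXi550-201709101-SG",
}
# Caveat stated on this page: the 5.5 bulletin covers CVE-2017-5715 only.
PARTIAL = {"5.5": "CVE-2017-5753 not addressed by this bulletin"}

# Constructed inventory (hypothetical hosts, VMs and field names).
HOSTS = {
    "esx-a": {"version": "6.5", "bulletins": {"ESXi650-201712101-SG"}},
    "esx-b": {"version": "6.0", "bulletins": set()},
    "esx-c": {"version": "5.5", "bulletins": {"ESXi550-201709101-SG"}},
}
VMS = [
    {"name": "web01", "host": "esx-a", "guest_patched": True, "image_patched": True},
    {"name": "db01", "host": "esx-a", "guest_patched": False, "image_patched": True},
    {"name": "app01", "host": "esx-b", "guest_patched": True, "image_patched": True},
    {"name": "batch01", "host": "esx-c", "guest_patched": True, "image_patched": False},
]

def host_findings(host):
    """Return hypervisor-level gaps for one host record."""
    version = host["version"]
    required = REQUIRED_BULLETIN.get(version)
    if required is None:
        return [f"no bulletin listed for ESXi {version}"]
    if required not in host["bulletins"]:
        return [f"hypervisor missing {required}"]
    # Bulletin applied, but it may not cover every CVE (the 5.5 case).
    return [PARTIAL[version]] if version in PARTIAL else []

def audit(hosts, vms):
    """A VM is clean only if host, guest OS and machine image are all patched."""
    report = {}
    for vm in vms:
        host = hosts.get(vm["host"])
        findings = host_findings(host) if host else ["unknown host"]
        if not vm["guest_patched"]:
            findings.append("guest OS not patched")
        if not vm["image_patched"]:
            findings.append("machine image not patched (re-deploys regress)")
        report[vm["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(HOSTS, VMS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```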

My Facebook: Why I recently purged

Today is Monday, January 1, 2018

I just finished what is the first round of purges of my social media feeds. Mostly on my Facebook accounts.

This was not a task that was simple to do, because I do like many of the persons removed but no longer maintain a connection with them outside of seeing them on my friends list.

I wanted to lower my feed footprint and maximize the value of relationships that have continued to add value to me.

What I mean by connection:

Those that do not show activity on their account or are not responsive to my attempts to interact with them. In addition, we do not maintain any “offline” connection whatsoever these days.

There are those from my past  whom I’ve classified as “watches” that simply may be viewing my posts or have me added as just another notch in their friend count.

Limiting information:

I also wanted to limit my information to a more restricted group of people. People I once knew from the past are practical strangers at this point and I wouldn’t allow a stranger to be on my list, so why would I start now.

Those persons who use third-party apps that gather information from them and their friends. Such apps expose details about my account I would not share openly.

The majority of these apps require login to one’s Facebook account.

Once logged in, the apps are granted a large amount of access to the person’s account and details of their friends.


That said I had placed these users in limited groups giving them basically “no access” to my feeds, and later removing those connected persons.

Relationships fade:

I believe that it’s perfectly natural that some relationships fade into distant memory, and this happened well before the existence of Facebook. The only difference now is that I have taken affirmative action in severing those ties by removing the persons from my friends list.

Where I can be found:

I have many “public” profiles where those looking to follow me can do so. I have made many of them available, so feel free to do so. List below.

My Blog:

My Instagram Accounts:

My Twitter Accounts:

Facebook Pages:


Applications for the vExpert 2018 program are now open

Hey friends, it’s that time, and I for one am super excited to apply again to continue my participation and membership into the vExpert community. Today I received an email which had details of the newly updated portal, and I must say: wow! Looks awesome.

Here’s a look at the logon page:


Corey Romero and team revamped this from the ground up and ported over existing vExpert members’ details flawlessly.

So let’s talk about the vExpert program.

The VMware vExpert program is VMware’s global evangelism and advocacy program. The program is designed to put VMware’s marketing resources towards your advocacy efforts.

New for vExpert 2018

New this year is a completely new vExpert website for applications, data management, vExpert directory. vExperts will be able to manage your own data (email address, employer, and many others), update your applications, download your license keys and download your vExpert Certificate. Apply at


In addition to being a part of something more there are some cool benefits

vExpert Program Benefits

  • Invite to our private #Slack channel
  • vExpert certificate signed by our CEO Pat Gelsinger.
  • Private forums on
  • Permission to use the vExpert logo on cards, website, etc for one year
  • Access to a private directory for networking, etc.
  • Exclusive gifts from various VMware partners.
  • Private webinars with VMware partners as well as NFR’s.
  • Access to private betas (subject to admission by beta teams).
  • 365-day eval licenses for most products for home lab / cloud providers.
  • Private pre-launch briefings via our blogger briefing pre-VMworld (subject to admission by product teams)
  • Blogger early access program for vSphere and some other products.
  • Featured in a public vExpert online directory.
  • Access to vetted VMware & Virtualization content for your social channels.
  • Yearly vExpert parties at both VMworld US and VMworld Europe events.
  • Identification as a vExpert at both VMworld US and VMworld EU.

And with that — My Profile has been updated #vExpert application submitted.