Patches appeared in my WSUS console overnight. Tony
-----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: 04 January 2018 14:15 To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Oh, this one really hurts... Should the patches be available thorugh WSUS? Or do we have to manually download and deploy? -----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Wednesday, January 3, 2018 7:26 PM To: ntsysadm@lists.myitforum.com Subject: RE: [NTSysADM] Oh, this one really hurts... Win10 (and Server 1709) patch is out: https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892 Note that it only installs if the A/V vender has updated their engine! (Or you are using Windows Defender.) There are 3 bugs according to Google. AMD is vulnerable to only one of them and AMD says that the chances of that bug being hit are close to zero. -----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Wednesday, January 3, 2018 8:12 PM To: ntsysadm Subject: Re: [NTSysADM] Oh, this one really hurts... No, it's not trivial. And I have to believe it's going to be cloud providers who are hardest hit, initially. First, MSFT is releasing a patch for Win10 today: https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix Second, it's not just Intel - it seems to also affect AMD and ARM64: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ But AMD says it's not vulnerable: https://lkml.org/lkml/2017/12/27/2 And, now it's *two* bugs, not just one: https://meltdownattack.com/ And lastly, these flaws, along with this: https://www.thezdi.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor make me more leery than ever of cloud services... Kurt On Wed, Jan 3, 2018 at 4:39 PM, Mark Gottschalk <mgo...@2roads.com> wrote: > "...The effects are still being benchmarked, however we're looking at > a ballpark figure of five to 30 per cent slow down, depending on the > task and the processor model..." > > PostgreSQL: 10%-23% slowdown. > > Wow. That is not trivial. > > > > > From: Kurt Buff <kurt.b...@gmail.com> > To: ntsysadm <NTSysADM@lists.myitforum.com>, Patch Management Mailing > List <patchmanagem...@listserv.patchmanagement.org> > Date: 01/02/2018 06:59 PM > Subject: [NTSysADM] Oh, this one really hurts... > Sent by: <listsad...@lists.myitforum.com> > ________________________________ > > > > "A fundamental design flaw in Intel's processor chips has forced a > significant redesign of the Linux and Windows kernels to defang the > chip-level security bug." > > http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ > > > > ________________________________ DISCLAIMER This material has been checked by us for computer viruses and, although none has been found, we cannot guarantee that it is completely free from such problems and we do not accept liability for loss or damage which may be caused. This message is intended only for use of the individual or entity to whom it is addressed and may contain information which may be privileged and confidential. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete the message. Thank you. ******************************************************* Travelers Insurance Company Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority in the UK and is regulated by the Central Bank of Ireland for conduct of business rules. Registered in England 1034343. Registered as a branch in Ireland 903382. Travelers Syndicate Management Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 03207530. Travelers Underwriting Agency Limited is authorised and regulated by the Financial Conduct Authority. Registered in England 03708247. Travelers Professional Risks Limited is an appointed representative of Travelers Insurance Company Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 05201980 Travelers Management Limited. Registered in England 00972175. The registered offices for all companies listed above is: Exchequer Court, 33 St Mary Axe, London, EC3A 8AG. All other branch offices are available from our websites. travelers.co.uk travelers.ie Issues to: mailto: intad...@travelers.com ________________________________ This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than by the addressee, is prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy this communication and all copies. TRVDiscDefault::1201
