Side-Channel Analysis Method (Spectre & Meltdown) Security Review
Reference:
Security vulnerabilities (CVE 2017- 5715, CVE 2017- 5753, CVE 2017- 5754, SA-00088)
Vulnerability Summary:
Malicious code utilizing a new method of side-channel analysis and running locally on a normally operating platform has the potential to allow the inference of data values from memory. This issue takes advantage of techniques commonly used in many modern processor architectures.
Potential impacts:
Elevation of Privilege / Information Disclosure
The exploits do not have the potential to corrupt, modify or delete data.
For more detailed information please refer to Intel® Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method (Intel-SA-00088)
Mitigation:
Referring to the recommendations made by third-party suppliers, Fujitsu strongly advises all customers to update affected products. Updates are provided through an updated version of the BIOS and the necessary patches for the dedicated operating system. Under some circumstances, enabling these updates may affect performance. The actual performance impact will depend on multiple factors, such as the specific CPU generation in your physical host and the system load (used application). Fujitsu recommends that customers assess the performance impact for their system environment and make necessary adjustments.
The security of our products and our customers’ data is number one priority for Fujitsu. We are continuing to work with our partners in the industry to minimize any potential performance impact.
Fujitsu highly recommends customers to ensure that systems are physically secured where possible, and follow good security practices to ensure that only authorized personnel have access to devices.
Recommended steps:
- It is necessary to update the BIOS.
- Consult the list of affected Fujitsu systems for the timing of BIOS availability.
- To download the respective updates for your system, please go to the Fujitsu Support page and perform the following steps:
- Select Product.
- Select Series.
- Select Model.
- Press Go.
- Download and install the latest BIOS update package.
Affected Products:
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.
An overview of the affected Client Computing Devices can be found here:
| Model Name | Update Type | Release Date1 |
|---|---|---|
| LIFEBOOK E547 | BIOS | March 2018 vPro V1.15 non-vPro V1.11 |
| LIFEBOOK E557 | BIOS | March 2018 vPro V1.15 non-vPro V1.11 |
| LIFEBOOK P727 | BIOS | March 2018 V1.14 |
| LIFEBOOK T937 | BIOS | March 2018 V1.15 |
| LIFEBOOK U727 | BIOS | March 2018 V1.20 |
| LIFEBOOK U747 | BIOS | March 2018 V1.20 |
| LIFEBOOK U757 | BIOS | March 2018 V1.20 |
| LIFEBOOK U937 | BIOS | March 2018 V1.12 |
| STYLISTIC Q737 | BIOS | March 2018 V1.13 |
| LIFEBOOK E546 | BIOS | March 2018 vPro V1.21 non-vPro V1.28 |
| LIFEBOOK E556 | BIOS | March 2018 vPro V1.21 non-vPro V1.28 |
| LIFEBOOK E736 | BIOS | March 2018 vPro V1.23 non-vPro V1.29 |
| LIFEBOOK E746 | BIOS | March 2018 vPro V1.23 non-vPro V1.29 |
| LIFEBOOK E756 | BIOS | March 2018 vPro V1.23 non-vPro V1.29 |
| LIFEBOOK T726 | BIOS | March 2018 V1.17 |
| LIFEBOOK T936 | BIOS | March 2018 V1.17 |
| LIFEBOOK U727 6th Gen | BIOS | March 2018 V1.07 |
| LIFEBOOK U747 6th Gen | BIOS | March 2018 V1.07 |
| LIFEBOOK U757 6th Gen | BIOS | March 2018 V1.07 |
| STYLISTIC Q616 | BIOS | March 2018 V1.14 |
| STYLISTIC Q736 | BIOS | March 2018 V1.17 |
| LIFEBOOK T725 | BIOS | May 2018 V1.20 |
| LIFEBOOK T935 | BIOS | May 2018 V1.20 |
| LIFEBOOK U745 | BIOS | May 2018 V1.22 |
| STYLISTIC Q665 | BIOS | May 2018 V1.16 |
| STYLISTIC Q775 | BIOS | May 2018 V1.21 |
| LIFEBOOK E544 | BIOS | May 2018 V1.12 |
| LIFEBOOK E554 | BIOS | May 2018 V1.12 |
| LIFEBOOK E734 | BIOS | May 2018 vPro V1.33 non-vPro V1.24 |
| LIFEBOOK E744 | BIOS | May 2018 vPro V1.33 non-vPro V1.24 |
| LIFEBOOK E754 | BIOS | May 2018 vPro V1.33 non-vPro V1.24 |
| LIFEBOOK T734 | BIOS | May 2018 vPro V1.15 non-vPro V1.13 |
| LIFEBOOK T904 | BIOS | May 2018 V1.18 |
| LIFEBOOK U904 | BIOS | May 2018 V1.17 |
| STYLISTIC Q704 | BIOS | May 2018 vPro V1.39 non-vPro V1.34 |
| 1. Dates are subject to change | ||
* Please note that this information is subject to change without any prior notice.
Microsoft Windows Advisory
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002