Bromium Response Intel CPU Design Flaw Remediation
- The design flaw has been in existence for the last decade and does not affect Bromium.
- Operating system vendors are the only ones who can remediate the vulnerability.
- The Microsoft patch – out today – requires Bromium customers to upgrade before patching Windows.
- Spectre or Meltdown cannot be directly used to steal information from an unpatched machine with Bromium because there is no sensitive information in the VM.
You may have already heard about the Intel CPU design flaw that is a breaking story in today’s news. According to The Register, this vulnerability has been in chips shipped over the last decade. Based on how Bromium works, this vulnerability does not affect Bromium. You are still protected from kernel exploits because of our application isolation.
Microsoft’s patch triggers need for Bromium upgrade.
Unfortunately, the only way to remediate the vulnerability is for Microsoft – and other operating system vendors – to deliver a patch. The Microsoft Patch is out now and Windows 10 will try to automatically update – if you’re a Bromium customer, we recommend pausing that update until your Bromium upgrade is complete. Because of how we work with the operating system, the Microsoft patch will require a Bromium upgrade to ensure our protection continues to work as expected.
Read the entire article here, Bromium Response Intel CPU Design Flaw Remediation
via the fine folks at Bromium