VMware Releases Security Updates

Original release date: March 15, 2018

VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. A remote attacker could exploit these vulnerabilities to cause a denial-of service condition.NCCIC/US-CERT en…

Original release date: March 15, 2018

VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. A remote attacker could exploit these vulnerabilities to cause a denial-of service condition.

NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0008 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)
Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and cer…

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)

Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The Spectre attack has two variants, numbered version 1 and version 2. Spectre version 1 attacks will need software fixes, and the nature of these attacks means that they may always need software fixes. Applications that try to build sandboxes—locked-down environments used for running potentially hostile code, such as JavaScript in the browser—will need to be examined and updated to provide robust protection against Spectre version 1.

Read 4 remaining paragraphs | Comments

Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)
Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and cer…

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)

Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The Spectre attack has two variants, numbered version 1 and version 2. Spectre version 1 attacks will need software fixes, and the nature of these attacks means that they may always need software fixes. Applications that try to build sandboxes—locked-down environments used for running potentially hostile code, such as JavaScript in the browser—will need to be examined and updated to provide robust protection against Spectre version 1.

Read 4 remaining paragraphs | Comments

Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)
Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and cer…

Enlarge / Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)

Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The Spectre attack has two variants, numbered version 1 and version 2. Spectre version 1 attacks will need software fixes, and the nature of these attacks means that they may always need software fixes. Applications that try to build sandboxes—locked-down environments used for running potentially hostile code, such as JavaScript in the browser—will need to be examined and updated to provide robust protection against Spectre version 1.

Read 4 remaining paragraphs | Comments