back to article Cisco to release patches for Meltdown, Spectre CPU vulns, just in case

Cisco is the latest company to prepare patches to tackle the serious security vulnerabilities affecting the majority of CPUs, Meltdown and Spectre. Cybersecurity group CERT has warned companies that the only way to protect themselves from the flaw was to rip out and replace their processors. It has since backtracked on that …

  1. Anonymous Coward
    Anonymous Coward

    LInk?

    A link to the Patch in Cisco's site too much to ask?

    1. Anonymous South African Coward Bronze badge

      Re: LInk?

      Most probably you'll need to have an account with them, or else you'll have to ask somebody else to download it for you.

      Never knew Cisco was also in the virtualization game as well...

      1. joed

        Re: LInk?

        Cisco is stuck in security by obscurity model with their head deep in the sand. Just try accessing any security/bug disclosure or just their software product support in general. You may as well look elsewhere on the web.

      2. Captain Scarlet Silver badge

        Re: LInk?

        "Cisco was also in the virtualization game"

        Yeah, items such as Cisco Unity Communications are virtual these days, I assume so is the rest of Cisco appliances they used to sell many years ago.

      3. sanmigueelbeer

        Re: LInk?

        Never knew Cisco was also in the virtualization game as well

        A lot of Cisco gears were never made by Cisco. The CUCM were IBM servers. Previously, some of their so-called "servers" came from Sun and repainted with Cisco's color.

        As expected, the current update to the exploit has listed UCS servers as affected. Nexus gears are currently "under investigation" but I'm sure they're going to be affected.

        What I don't understand is the people who've discovered these exploited have informed Intel and other large Intel users since April 2017. So why is Cisco's patch scheduled to be released in February 2018? And why is it taken so long to investigate if Nexus family of switches are affected or not?

        1. Anonymous Coward
          Anonymous Coward

          Re: LInk?

          Anything valuable to contribute or are you just fake concern trolling. Micorsoft and AWS released their patches just now and MSFT’s attempts are making matters worse.

          Not sure what your endgame is but I am quite satisfied with Cisco’s support. They have always treated me well.

          1. MAH

            Re: LInk?

            VMware actually released their patches for ESX back in Nov 2017 quietly. I recently upgraded my environment to ESX 6.0 in December and when I went looking for VMware patches, realized it was already patched up.

    2. AmenFromMars

      Re: LInk?

      https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

      If you've got a contract you can sign up to their Notification Service

  2. Kernel_Ninja

    Cisco Security Team

    National Security Agency

    9800 Savage Rd., Suite 6272

    Ft. George G. Meade, MD 20755-6000

    301-688-6311

    Please forward all your Cisco Security Queries here.

  3. Anonymous Coward
    Anonymous Coward

    "The majority of Cisco products are closed systems, which do not allow customers to run custom code on the device,"

    Having gotten a root shell on most of their linux based 'small business' devices - this doesn't fill me with confidence..

    1. EnviableOne

      their small business devices are the reason they bought Linksys, and they are mostly locked down to a menu subsystem, you have to jump through hoops just to get an iOS prompt, even then running yor own code is nigh on impossible.

  4. Version 1.0 Silver badge
    Big Brother

    Meanwhile, back at the ranch ...

    My money's on NSA/GCHQ already having a vector to replace the patch with code that enables the bug again but reports that the patch is in place ... if I was in their business I'd work on the assumption that every tailored access would be discovered and I'd have a "fix" ready to go.

    Note that everyone is treating this as a "bug" and not a design feature ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like