Hello, welcome to the Friday, January 5th, 2018 edition of the Sands and the Storms and a Stormcast.

My name is Johannes Ulrich and the time recording from Jacksonville, Florida.

The big news today, of course, were these CPU vulnerabilities that I briefly mentioned yesterday.

Just after I recorded the podcast yesterday, the paper with all the

details was released. I was still able to add the link to the show notes, but we now have

a lot more detail than we had when I recorded yesterday. First of all, we do have names. Meltdown

and Spector are the two vulnerabilities that are responsible for all the frantic patching

happening right now.

Microsoft actually did release already the patch for the vulnerability.

Originally was scheduled for Tuesday, but I guess with the release of the paper, they decided

to release this patch early.

Let me first focus on what Willie is new and important compared to what I told you yesterday.

First of all, yes, there is a patch from Microsoft.

Secondly, be careful applying that patch.

There's more to it than a performance hit.

Turns out that a number of antivirus products are incompatible with that patch.

Symantec, for example, may cause a blue screen of debt if you are patching a system first for meltdown and you're not

patching semantic first. Most of the antivirus vendors have released updates but make sure

you apply the antivirus update first, then apply the patch for this vulnerability.

I also mentioned yesterday that this vulnerability only affects Intel CPUs.

That's only partially true.

The underlying vulnerability is likely present in AMD and even in ARM CPUs.

...