What are they?
These are two vulnerabilities that affect computer chips in Servers, Desktops, Mobile devices and even Smart TV’s.
What do the affect?
These come in to affect when the kernel (part of the computers operating system) places data in the chips memory cache, the chip is then managing this, it is at this point these vulnerabilities come into play.
How do they work?
Spectre – gets programs to perform operations that leak data.
Meltdown – grabs information by examining the memory used by the kernel.
For either of these to be exploited by a hacker, code must be downloaded to the computer.
Even if this code is run, only small snippets of data are transferred, requiring these to be pieced together, to reveal useful information.
What are the manufacturers doing about it?
Microsoft, VMware, Apple, Red Hat and others are releasing patches, links to the current releases of some of these are below.
Microsoft :
Windows 8.1 and Server 2012 R2
VMware:
Apple:
Red Hat:
Linux:
You will need to look at the correct distro for full infomation but here will be a start
What affect will these patches have?
These patches have an impact on system performance. This is because they get the processor to frequently access information from memory, and this will cause it to work harder and potentially have a performance impact. How big? This is dependent on the type of workload, age of the processor and operating system. These factors will mean the degradation in performance could range from a couple of percent to significantly into double figures. Some benchmarking has been done which shows the impact ranging between 2% and 30%.
Should I patch?
Before deciding whether to patch or not, you will need to consider how controlled your environment is and what risk level there is. An assessment should then be made of the risk involved against the potential performance impact of the patches.