Microsoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be) Microsoft may issue an out of band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched […]
Archive | Meltdown
Vulnerability disclosure – did we get it right with Meltdown and Spectre?
Meltdown Responsible Disclosure Spectre Vulnerabilities Vulnerability DisclosureToday Rendition Infosec is releasing a blog post that we started writing more than a month ago. Why now? The dust has settled, that’s why. Prior to the dust settling on Meltdown and Spectre, we think this very important conversation would have been lost in the noise. In light of these vulnerabilities, we think it […]
Updated Spectre and Meltdown Presentation
Meltdown Spectre VulnerabilitiesToday I gave an updated presentation about Meltdown and Spectre for SANS APAC (at an APAC friendly time). I’ll post the video from the new webcast when I have it. In the meantime, you can download slides here: Updated Meltdown/Spectre Presentation Slides A few useful links from the presentation are included below: Verifying Meltdown/Spectre […]
Meltdown and Spectre – enterprise action plan
Meltdown Spectre VulnerabilitiesUnless you’ve been living under a rock for the last 24 hours, you’ve heard about the Meltdown and Spectre vulnerabilities. I did a webcast with SANS about these vulnerabilities, how they work, and some thoughts on mitigation. I highly recommend that you watch the webcast and/or download the slides to understand more of the technical […]
Meltdown and Spectre Vulnerability Slides and Video
Meltdown Spectre VulnerabilitiesUpdate (2018-01-08): I delivered another SANS webcast with updated information. Slides and useful links can be found here. Update: SANS has made the webcast freely available on YouTube. Thanks to all who joined the SANS Webcast on Meltdown and Spectre. The system unfortunately had issues that wouldn’t allow everyone to join that wanted to. I […]