Customer Guidance from HPE in Response to Microprocessor Vulnerability

PALO ALTO, CA—January 15, 2017 - Hewlett Packard Enterprise (NYSE: HPE) provided detailed guidance on how to mitigate risk and resolve the recently disclosed, industrywide microprocessor vulnerability, often referred to as the Side-Channel Analysis Method, or Spectre and Meltdown.

Summary of the Vulnerability

Recently, an industrywide vulnerability was identified that involves modern microprocessor architectures from multiple CPU vendors, including Intel, AMD and ARM. Based on new security research, there are software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Products from all hardware manufacturers, including HPE, as well as public clouds that use affected modern microprocessor architectures are potentially impacted.

To address this vulnerability, HPE, along with hardware and software vendors from across the industry, has been working to publish the appropriate resolutions. Resolution of this vulnerability requires both an operating system update, provided by the OS vendor, and a System ROM update from HPE.

Microprocessor Vulnerability

HPE has created a detailed HPE Customer Guidance Pack, which includes step-by-step instructions, frequently asked questions (FAQ) and a compilation of important links to the most common operating system (OS) and microcode updates used with current HPE server generations. HPE also recommends that customers review statements published by the microprocessor vendors: Intel, AMD, and ARM.

In the HPE Customer Guidance Pack, HPE recommends that customers follow the steps below to determine their risk and mitigation plan:
  1. Determine if you have a system that is impacted by this vulnerability. HPE is maintaining a list of impacted products on the HPE vulnerability website.
  2. If your system is impacted, download and install the OS update provided by the OS vendor. Depending on which system you are running, you can find instructions on appropriate actions to take in the HPE Security Bulletin.
  3. Update the System ROM to a revision containing an updated microcode from HPE. Depending on which system you are running, you can find instructions on appropriate actions to take in the HPE Security Bulletin.
  4. Reboot the impacted system as required, ensuring the new updates are fully deployed.
This particular vulnerability doesn’t directly enable alteration, deletion, destruction, or encryption of data, but data may potentially be extracted from the computer systems. Therefore, HPE recommends practicing good security hygiene, including always keeping software and firmware current.
