High Severity

Potential CPU Security Issue

Feb 10, 2018 5:02 pm EST

Categorized: High Severity

Share this post:

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors.  IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously.

Patches will be made available for IBM systems via our normal customer portals. Further details concerning potentially impacted processors in the POWER family can be found here.  Per our business as usual process, all information for IBM Z clients can be found at the IBM Z Portal.

IBM Storage appliances are not impacted by this vulnerability.  For Storage, further details concerning this vulnerability can be found here.

Additional information will be provided through normal IBM communications channels, including IBM Security Bulletins. Please actively monitor both your IBM Support Portal and the IBM PSIRT Blog.

The most immediate action clients can take to protect themselves is to prevent execution of unauthorized software on any system that handles sensitive data, including adjacent virtual machines.

We will continue to update this blog to include additional information as appropriate.


Previous Post

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) configuration tool (CVE-2017-3738, CVE-2017-3737)

Next Post

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron
More High Severity stories

IBM Security Bulletin: IBM Cloud Private is affected by a privilege escalation vulnerability in Kubernetes API server

Dec 10, 2018 9:01 am EST | High Severity

IBM Cloud Private is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. CVE(s): CVE-2018-1002105 Affected product(s) and affected version(s): IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.0 IBM Cloud Private 2.1.0.3 IBM Cloud Private 2.1.0.2 Refer to the ...read more

IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability for libcURL (CVE-2018-14618)

Dec 10, 2018 9:01 am EST | High Severity

IBM has released the following fixes for IBM Lotus Protector for Mail Security in response to CVE-2018-14618. CVE(s): CVE-2018-14618 Affected product(s) and affected version(s): Affected Product Name Affected Versions IBM Lotus Protector for Mail Security 2.8.3.0 IBM Lotus Protector for Mail Security 2.8.1.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source ...read more

IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from OpenSSL (CVE-2018-0732)

Dec 10, 2018 9:01 am EST | Low Severity

IBM has released the following fixes for IBM Lotus Protector for Mail Security in response to CVE-2018-0732. CVE(s): CVE-2018-0732 Affected product(s) and affected version(s): Affected Product Name Affected Versions IBM Lotus Protector for Mail Security 2.8.3.0 IBM Lotus Protector for Mail Security 2.8.1.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source ...read more