[Download]: Critical HPE Servers ROM Update – Spectre Vulnerability

Critical HPE Servers ROM Update

HPE has released ROM updates for ProLiant servers at March 2018. Those updates has been released in order to updating Intel processor microcode to the latest version.

 

After discovering the vulnerability at January 2018, Operating Systems updates and ROM updates have been released by OS vendors and hardware vendors to preventing security breaches.

There are three variants of this vulnerability as indicated in the table below. As indicated, all three variants require operating system updates for mitigation. Variant 2 also requires an updated microcode from the processor vendor which HPE delivers as part of the System ROM. All variants of the vulnerability require malicious software to run on the system. To reduce exposure to these vulnerabilities, HPE recommends customers vigilantly maintain security best practices and keep systems up-to-date.

 Name CVE Number OS Update Required Microcode Required 
Variant 1 Spectre CVE-2017-5753 Yes No 
Variant 2 Spectre CVE-2017-5715 Yes Yes 
Variant 3 Meltdown CVE-2017-5754 Yes No 

Read more the below link, about updated ROM and find the list of servers that those servers have available system ROM:

Bulletin: (Revision) HPE ProLiant, Moonshot and Synergy Servers – Side Channel Analysis Method Allows Improper Information Disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

Davoud Teimouri

Davoud Teimouri is as a professional blogger, vExpert 2015/2016/2017/2018, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

4 Responses

  1. Theo Merian says:

    Davoud – Thanks for all you do. It’s like we live in the same world – Your posts are always timely and helpful. Keep it up!

  2. Fernan says:

    Hey, thanks a lot for your work!

    Do you know whether these solutions impact server performance? What I understood is that all solutions went through a decrease in performance.

    Thanks again!

Leave a Reply

Your email address will not be published. Required fields are marked *