The National Security Agency updated Side Channel Attack Countermeasures that affect computer processors in 2019.
It offered fresh guidance on how to mitigate the Spectre and Meltdown vulnerabilities and variants of those side channel attacks.
3 updated side channel attack countermeasures for 2019
Here are the new best practices from the NSA:
- Apply system UEFI/BIOS firmware updates provided by system vendors. Firmware updates may not be delivered through established patching services and may be easily missed. Consult vendor support sources, such as Dell® or HP® or similar, for each specific make and model of system.
- Apply microcode updates provided by system vendors and operating system update services. Microcode updates may have a firmware component update in addition to an operating system kernel update. Follow system vendor guidance for applying firmware updates. Consult operating system vendor security bulletins for software patches.
- Apply all vendor operating system, driver, and application patches. Perform configuration changes as indicated. Apple®, Google®, Linux distributions, and Microsoft® have released information and updates for the respective operating systems. Web browsers, drivers, software applications, virtualization solutions, and development kits are also affected. Apply all patches. Flaws and unintentional side effects found in initial patch releases have been resolved. Some patches may require configuration changes to enable the full benefit of mitigations. Check vendor configuration guides.
We would like to point out a key sentence in the first mitigation guideline:
"Firmware updates may not be delivered through established patching services and may be easily missed."
So ask your vendors how the patches are coming over, or ask them to verify that you are up to date with what they have pushed out.