Details regarding a previously undisclosed microprocessor vulnerability that could impact Supermicro systems has been announced and requires a microcode update of the system BIOS along with an operating system update. Commonly referred to as Meltdown and Spectre the vulnerability involves malicious code utilizing a new method of side-channel analysis and running locally on a normally operating platform has the potential to allow the inference of data values from memory.
We are working around the clock to integrate, test and release the updates as soon as they are made available. To address the issue systems will need both an Operating System update and a BIOS update. Please check with operating system or VM vendors for related information.
- Intel Advisory (Intel-SA-00088)
- AMD Advisory
- NVD CVE-2017-5715
- NVD CVE-2017-5754
- NVD CVE-2017-5753
Intel issued revised guidance on Monday January 22nd regarding the availability of the BIOS updates required to address the Spectre and Meltdown security issue.
Intel is advising customers to stop deployment of any patches they previously made available. Please see link for complete text.
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
"OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior."
- We are awaiting updated microcode from Intel to address the issue
- As soon as we receive the microcode we will update, retest and release the BIOS update
- Customers should not update their BIOS until the updated microcode is available
We will update our this web page with BIOS updates when they are available.