PDF《TC260-PG-20181A》

6 统(包括 Windows Server 系列、Linux 系列、UNIX 系列等) 和虚拟化产品类型 (包括 VMWare vSphere、 Citrix XenServer 等),下载相应补丁并实施升级. 3. 云租户 云租户升级主要包括租户操作系统和应用升级等. (1)升级准备.关注云服务提供商的安全公告,研究 云服务提供商发布的升级指导.结合自身业务,确定受影响 的操作系统和相关应用,评估性能、兼容性、业务连续性等 方面的影响,制定升级计划和方案.执行升级前应备份相关 数据和系统. (2)升级实施.根据制定的升级方案,升级客户操作 系统和上层应用. 4. 个人用户 尽管上述漏洞影响极为广泛,但漏洞利用条件较为苛 刻,攻击成功率低.建议关注各操作系统厂商、浏览器厂商、 整机厂商等的安全公告,采用系统自带的系统升级工具或第 三方提供的漏洞管理工具下载和安装补丁,从而避免漏洞的 影响.同时,个人用户应安装并及时更新防病毒软件,并养 成良好上网习惯,不轻易浏览不信任的网站,不轻易点击来 源不明的网页链接,提高安全防范意识.

7 附件 A: 部分厂商安全公告和补丁链接 类别 名称 官方链接 处理器 Intel https://security-center.intel.com/ https://newsroom.intel.cn/press-kits/security-exploits-intel-products/ AMD http://www.amd.com/en/corporate/speculative-execution ARM https://developer.arm.com/support/security-update IBM http://www-01.ibm.com/support/docview.wss?uid=swg22012320 http://download.boulder.ibm.com/ibmdl/pub/software/server/firmware/SC-Firmware-Hist.html NVIDIA http://nvidia.custhelp.com/app/answers/detail/a_id/4611 操作系统 微软 https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/ADV180002 https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-c hannel-vulnerabilities-in 苹果 https://support.apple.com/zh-cn/HT208394

8 Android https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html https://www.chromium.org/Home/chromium-security/ssca https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html RedHat https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/articles/3311301#page-table-isolation-pti-6 Ubuntu https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown SUSE https://www.suse.com/support/kb/doc/?id=7022512 中标麒麟 安全公告: http://www.cs2c.com.cn/news/index.php?id=1120 产品补丁: http://ssms.cs2c.com.cn/otrs/pc?Action=PublicFAQExplorer;

CategoryID=41 普华 安全公告: http://www.i-soft.com.cn/type/4/3704.jhtml

9 http://www.i-soft.com.cn/article/102461.jhtml 产品补丁: http://www.i-soft.com.cn/article/102461.jhtml 浏览器 Microsoft IE/Edge https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/ADV180002 Firefox https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ Chrome https://www.chromium.org/Home/chromium-security/ssca Safari https://support.apple.com/zh-cn/HT208394 服务器 华为 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180106-01-cpu-cn 思科 https://blogs.cisco.com/security/talos/meltdown-and-spectre 联想 https://support.lenovo.com/us/zh/solutions/len-18282 云服务 阿里云 安全公告: https://help.aliyun.com/noticelist/articleid/20700730.html

10 帮助文档: https://help.aliyun.com/knowledge_detail/64951.html 腾讯云 安全公告: http://bbs.qcloud.com/thread-48531-1-1.html 产品补丁: http://bbs.qcloud.com/thread-48540-1-1.html 华为云 http://www.huaweicloud.com/about/notice_securecenter_1.html Azure https://www.azure.cn/blog/2018/01/04/Securing-Azure-customers-from-CPU-vulnerability 虚拟化产 品XEN https://xenbits.xen.org/xsa/advisory-254.html QEMU 安全公告: https://www.qemu.org/2018/01/04/spectre/ 非官方产品补丁: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html