Alliances
1748106 Members
4919 Online
108758 Solutions
New Article ๎ฅ‚
Willa

Re: Resources to help mitigate Speculative Execution vulnerability in Intel and other processors

The news of the recently discovered vulnerabilities in processors from Intel and other manufacturers utilizing โ€œSpeculative Executionโ€ technology has been featured prominently across many news outlets. You may have also heard of it by the names of โ€œMeltdownโ€ and โ€œSpectreโ€.

Just like with any other vulnerability, it is highly advisable to apply any available security updates to your system in a timely manner in order to mitigate any potential attack vector.

In this specific case, mitigation and resolution of these vulnerabilities calls for both updates to the operating system as well as to your HPE ProLiant server's system ROM.

The links below provide further information as well as guidance where to obtain OS (Microsoft) and system ROM updates (HPE):


Microsoft โ€“ Windows Server
:
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

NOTE: there are two steps required:
- Step 1: Download and install the Windows Server OS updates listed in the table referenced in the Microsoft support article above from Windows Update
- Step 2: A set of registry keys has to be enabled in order to switch on the mitigations introduced by the OS updates installed in step 1, please see the instructions in the support article.

Should Windows Update not offer the OS updates listed in the support article linked above, please refer for guidance to the following Microsoft resource covering a potential issue with a small subset of anti-virus products: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released


HPE โ€“ System ROM updates
(may require active warranty and/or HPE support agreement):
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us

NOTE: The bulletin is being updated periodically as more system ROM updates become available, please check back frequently should your specific ProLiant Gen8 or Gen9 server model be listed under โ€˜Scopeโ€™ for system ROM future availability.

 

Have additional questions? Check out our Speculative Execution vulnerability: frequently asked questions blog.

 

About the Author

Willa

Willa manages the HPE | Microsoft Coffee Coaching program. Follow along to learn more about the latest HPE OEM Microsoft product releases and how the HPE Microsoft partnership can benefit partners and customers.

Comments

Is this list of products listed at https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us complete?

I am not seeing XL190r Gen9, DL380p Gen8 or 9

Will there be System ROM releases for servers older than Gen8?

AndresP

Hi.

Will be there BIOS fix for G7 series (needed for BL 490c G7) ?

We have an array of HP Servers - Proliant DL360 G7 and  DL380 G4 and below, will these never get the ROM updates? Or will it be something you will be looking at sometime in the future?

Jeff Wasilko

We still have g6/g7 blades in place running a custom application that won't be moving to newer hardware immediately. HPE really needs to provide remediation for G6/G7 era servers.

Carmine Natale

any updates for the hp desktops?

thanks.

 

This is great info, but I want to ask if there is any ETA from HPE for the Gen8 ROM updates that include the new microcode?  The HPE Gen9 ROM updates (and presumably Gen10 but I didn't specifically verify) were available for download on the date this Customer Advisory was released 1/4/2018, but no updates have been made available for the Gen8 servers listed in the advisory as far as I can tell.

Thanks, Willa.

How about G7 and older models?

tlong

Are G7 servers going to have ROM updates available as well?  We have a DL380 G7 server that I don't believe is EOSL until 2018.04.30 but I don't see any G7 models in any of HPE's communications regarding Meltdown/Spectre patching.

So that means, HPE has been selling faulty components and will only supply bios upgrades for customers under warranty? 

David Arrufat

Hello from Spain,

 

Should there be any support for the non HP hardware "Simplivity hyperconvergence products?"

There are Lenovo, Cisco and DELL hardware nodes, but rebranded as Simplivity... What must we do in this case? Any engineering contact person to ask to?

Thank you in advance for your help

Regards

Hello,

http://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

According to this website the Gen9 firmware is recalled!

Can you please elaborate why?

Ivar Helland

Hi!

We also have older servers (proliant Gen7, Gen6 ..)

Are they affectd as well?   if yes - How do we protect them?

 

Regards

Ivar

Michal Mlynar

I would like to ask, if there will be a patch for DL360 G7 and DL320 G6 server?

And when yes, when it is expected.

Does the order of BIOS / OS updates matter and is a reboot required in between? 

HPE is committed to working closely with microprocessor vendors to provide System ROM updates for Gen10, Gen9, Gen8, G7, and older HPE Server generations as microcode updates are made available by procecssor vendors. 

For further information, please visit the Hewlett Packard Enterprise Product Security Vulnerability Alerts page.

There you will find the latest security bulletins with updated information on impacted product versions and the resolutions (patch, upgrade, or configuration change).

In addition, you can subscribe to receive real-time notifications on future HPE Security Bulletins and advisories for your products.

David Arruf,

Once we have fixes for each server platform we support, our engineering team will need to qualify those non-HPE vendor releases with our SimpliVity OS.  Once we know those details, there will be a support bulletin or communications with the patches that will let our customers know what they need to do.

swissembedded The microprocessor vulnerability affects all technology vendors using modern microprocessors and is not specific to HPE. Resolution of this vulnerability requires both an operating system update, provided by the OS vendor, and a System ROM update from HPE. Depending on which HPE systems you are running, you can find instructions on appropriate actions to take on the HPE Vulnerability Website. We are waiving the entitlement check for HPE System ROM updates for products and solutions impacted by this vulnerability, when available, and thus a warranty is not required. 

Carmine Natale Please contact HP Inc. with any questions regarding desktop platforms.