NSA Releases Updated Guidance on Side-Channel Vulnerabilities

The National Security Agency (NSA) has released a Cybersecurity Advisory providing updated guidance for addressing side-channel vulnerabilities that affect Intel, AMD, ARM, and IBM processors. Side-channel vulnerabilities exploit weaknesses in speculative execution to leak information, potentially allowing for account permission protocols, virtualization boundaries, and protected memory regions to be bypassed. Spectre and Meltdown, which were disclosed in January 2018, are an example of this kind of vulnerability. The NSA notes that vendors of the affected products have released patches to mitigate the vulnerabilities and refers partners to websites that contain the most current source of vulnerability and mitigation information.