LInk?
A link to the Patch in Cisco's site too much to ask?
Cisco is the latest company to prepare patches to tackle the serious security vulnerabilities affecting the majority of CPUs, Meltdown and Spectre. Cybersecurity group CERT has warned companies that the only way to protect themselves from the flaw was to rip out and replace their processors. It has since backtracked on that …
Never knew Cisco was also in the virtualization game as well
A lot of Cisco gears were never made by Cisco. The CUCM were IBM servers. Previously, some of their so-called "servers" came from Sun and repainted with Cisco's color.
As expected, the current update to the exploit has listed UCS servers as affected. Nexus gears are currently "under investigation" but I'm sure they're going to be affected.
What I don't understand is the people who've discovered these exploited have informed Intel and other large Intel users since April 2017. So why is Cisco's patch scheduled to be released in February 2018? And why is it taken so long to investigate if Nexus family of switches are affected or not?
My money's on NSA/GCHQ already having a vector to replace the patch with code that enables the bug again but reports that the patch is in place ... if I was in their business I'd work on the assumption that every tailored access would be discovered and I'd have a "fix" ready to go.
Note that everyone is treating this as a "bug" and not a design feature ...