IBM’s complete Meltdown fix won’t land until mid-February

POWER CPU patches available now or next week, AIX and i OS fixes are more than a month off


IBM’s started to release its own patches for the Meltdown mess and the Spectre SNAFU, which it’s half-confirmed impact its hardware and operating systems, but won’t have a complete fix until mid-February.

We say half-confirmed because Big Blue has only said it has problems with the processor issues Google mentioned last week, rather than naming either bug.

The company strongly hinted that POWER systems were in trouble last Thursday, January 4th. On Tuesday the 9th the company confirmed the problem, admitting that its kit “could allow a party that has access to the system to access unauthorized data.”

The fix has two steps: IBM wrote that it “involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to these vulnerabilities and is a pre-requisite for the OS patch to be effective.”

As of Tuesday, the POWER7+ and POWER8 patches are ready. IBM’s promised POWER9 patches on January 15th. So that’s the pre-requisites sorted. But patches for AIX and the i operating system “will be available February 12.” That’s more than a month away at the time of writing.

While it prepares its OS patches, IBM’s advised clients that “If this vulnerability poses a risk to your environment, then the first line of defense is the firewalls and security tools that most organizations already have in place.” Big Blue’s also said “Clients should review these patches in the context of their datacenter environment and standard evaluation practices to determine if they should be applied.”

The latter is a motherhood statement but perhaps also tacit recognition that AIX and i often run in environments where applications are so sensitive to downtime that change windows are few and far between.

That means the lag between CPU patches and OS patches might not be entirely unwelcome in some IBM shops: they’ve got a month to plan the firmware upgrade on test and dev rigs, and can plan one nice big change window not long after the OS patches drop in mid-February. ®
