Spectre Variant 2 mitigation - Intel Microcode

Support for security such as Firewalls and securing linux
mattko
Posts: 2
Joined: 2018/01/12 15:34:33

Spectre Variant 2 mitigation - Intel Microcode

Postby mattko » 2018/01/12 15:43:11

Hi,

First post here 8-)

I have a couple of servers running CENTOS 6.9 and am looking for help in mitigating the effects of Spectre variant 2.

I see Intel has microcode updates available for CENTOS 7> @ https://downloadcenter.intel.com/downlo ... -Data-File

Normally i'd just take a deep breath and apply the code, but both are production servers so I can't really risk it.

Has anyone here successfully applied this code to CENTOS 6 and their system has lived?

Cheers,

User avatar
TrevorH
Forum Moderator
Posts: 21519
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Spectre Variant 2 mitigation - Intel Microcode

Postby TrevorH » 2018/01/12 16:55:27

The microcode-201801xx.tgz file that I downloaded from Intel's site a couple of days ago had a microcode.dat file in it that looked to be in the correct format for CentOS 6. It also had an intel-ucode directory in it that was in the format used for CentOS 7.

However, are you sure you really need to mitigate spectre on a server? It's hard to exploit and requires local access to the box so it's not something that can be exploited remotely (unless you're giving out ssh logins).
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

mattko
Posts: 2
Joined: 2018/01/12 15:34:33

Re: Spectre Variant 2 mitigation - Intel Microcode

Postby mattko » 2018/01/12 22:09:14

Hey Trevor

Cool! Thanks for responding. I'll leave them as they are for the time being.

Cheers,