Attention IBM i System and Security Administrators! Spectre and Meltdown do affect Power Systems servers. Find out how you can protect your systems.
On January 9, IBM announced that the highly publicized Spectre and Meltdown vulnerabilities announced by Google researchers January 3, 2018, do affect Power Systems.
Yes, this means IBM i and AIX systems have these vulnerabilities. PTFs will be released for IBM i and AIX February 12.
These vulnerabilities are yet another example of the need to stay current—both with the version of the operating system running and with PTFs. Numerous and well-documented breaches have occurred due to unpatched systems . . . anyone remember the Equifax breach?!? Unpatched systems pose a risk to your organization!
To stay up to date on the latest developments and recommendations about this and future security issues, we highly recommend that you subscribe to the IBM’s Security Bulletins and monitor the IBM PSIRT Blog. Registering for IBM Security Bulletins means you'll be notified when fixes for this and other security vulnerabilities become available. If you haven’t already registered, step-by-step instructions can be found here.
While patches for Spectre and Meltdown are causing performance issues in some situations on Windows Server and Windows 7, no performance information or guidance has been released from IBM. In other words, we have no idea whether IBM i will suffer performance issues once the PTFs have been applied. Be sure to check the PSIRT blog and individual PTF coverletters prior to applying these PTFs for any guidance IBM may provide.
We’ll post additional details on these vulnerabilities and how they affect IBM i as they become available.
Update: IBM i has just released PTFs in response to Spectre and Meltdown. You can get all the details here >
January 30 update: IBM has released firmware updates. Learn more >
February 8 update: IBM has released more PTFs. Note that you'll need to apply both the firmware as well as the IBM i PTFs to fully eliminate the vulnerabilities.
February 23 update: More PTFs are available for organizations running POWER7 and POWER7+ hardware.
May 23 update: Additional Meltdown and Spectre vulnerabilities have been revealed, and IBM has released more IBM i PTFs to address them.
Get Your Security Scan
Today's organizations face increasingly sophisticated threats. Find out how secure your Power Systems server is and where it might be vulnerable. Request your Security Scan today.