Intel® Speculative Execution Side-Channel method called L1 Terminal Fault (L1TF)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.                        

Source: Intel® Article ID: Intel SA-00161

Potential Security Impact: Toshiba is aware of the Intel® Speculative Execution Side-Channel method called L1 Terminal Fault (L1TF) security issue.  The security and privacy of our customers' information are priorities for Toshiba. Toshiba is working closely with Intel to provide firmware and/or software updates as soon as possible to resolve this security vulnerability. Update details for these platforms will be added to this document as they become available.

In the meantime, Toshiba recommends that customers update their systems to the latest Toshiba firmware and software, apply all of Microsoft System Updates as they become available and follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.

In addition, Toshiba encourages customers to review both Intel’s Security Advisory and the Microsoft Advisory Notice for information, including appropriate identification and mitigation measures.

Available Resources:

• Intel Security Advisory (INTEL-SA-00161)
  • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
• Intel Security Advisory (INTEL-SA-00115)
  • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
• Other information for this side-channel analysis:
  • CVE-2018-3639 – Speculative Store Bypass (SSB) – also known as Variant 4
  • CVE-2018-3640 – Rogue System Register Read (RSRE) – also known as Variant 3a

• If your system has been updated to address Intel Security Advisory (INTEL-SA-00115), then no actions are required.
• If your system has not been updated then download and install the latest firmware update: [Intel AMT/ME-FW Update Tool]

The information in this document is subject to change without notice.
"Intel" is a trademark of Intel Corporation in the U.S. and other countries.
Other names and brands may be claimed as the property of others.