Six months ago, we presented a webinar discussing a brand new class of security vulnerabilities targeting processor hardware called Meltdown and Spectre. In this webinar, we tried to explain that this is a new class of vulnerabilities and while Meltdown and Spectre were first samples, it is only question of time until we will see other attacks.

Fast forward to today and this prediction has proved to be spot on (not that it was that hard to predict) — we have over 10 different variants today. The list below is not complete — smaller variations that are not considered unique enough to have their own CVE number are not listed, for example SgxSpectre, BranchScope, MeltdownPrime and SpectrePrime…

Vulnerability CVE Exploit name Public vulnerability name
Spectre 2017-5753 Variant 1 Bounds Check Bypass (BCB)
Spectre 2017-5715 Variant 2 Branch Target Injection (BTI)
Meltdown 2017-5754 Variant 3 Rogue Data Cache Load (RDCL)
Spectre-NG 2018-3640 Variant 3a Rogue System Register Read (RSRE)
Spectre-NG 2018-3639 Variant 4 Speculative Store Bypass (SSB)
Spectre-NG 2018-3665  – Lazy FP State Restore
Spectre-NG 2018-3693  – Bounds Check Bypass Store (BCBS)
Foreshadow 2018-3615 Variant 5 L1 Terminal Fault (L1TF)
Foreshadow-NG 2018-3620  –  –
Foreshadow-NG 2018-3646  –  –

Join Ryan McClure and me on our free, one-hour webinar on October 25, 2018 where we will focus on the latest family of these security vulnerabilities: L1 Terminal Fault/Foreshadow and Foreshadow-NG.

We will discuss how they work, key differences among the three variants, what they mean for your Citrix infrastructure, how they impact user density, the most effective strategies to minimize the impact. We will also discuss what is the impact on different hypervisors, methods to reclaim lost user density and if there are any changes to sizing guidelines from our field consulting.

If you want to learn more, please join us on October 25 as we discuss the latest development of hardware vulnerabilities drama — including a live Q&A session!

REGISTER NOW! How Foreshadow/L1TF Affects Citrix – And What You Can Do


Martin Zugec & Ryan McClure