Detect and remediate Meltdown and Spectre
Meltdown and Spectre are vulnerabilities in processors in personal computers, mobile devices, and the cloud. Follow the steps below to find out whether you have affected systems and to fix the vulnerabilities.
Before you begin
- Ensure your Puppet Remediate instance has access to the systems you want to scan and update.
1. Search for vulnerabilities
Find out if you have Meltdown or Spectre in your systems by opening Puppet Remediate, navigating to Vulnerabilities, and typing the following numbers into the CVE Search box:
Meltdown
- In the CVE Search box, type:
CVE-2017-5754
- Press Enter or click Search
Spectre
- In the CVE Search box, type:
CVE-2017-5753
- Press Enter or click Search
- In the CVE Search box, type:
CVE-2017-5715
- Press Enter or click Search
If Meltdown or Spectre is detected, continue to the next step.
2. Download the module
Download the Detect and remediate Meltdown / Spectre vulnerability module (as a .tar.gz file) from the Puppet Forge.
3. Add the task
In Puppet Remediate, navigate to 'Manage tasks' and click 'Add tasks'.
4. Upload the module
Upload the .tar.gz file using the 'Upload a module' feature.
5. Select the vulnerability to remediate
Return to the Vulnerabilities screen, and search again for the CVE(s) that are affecting your systems. Select the vulnerability you wish to remediate.
6. Review affected nodes
Scroll to the 'Nodes affected' table and click 'Run Task':
- To update Linux servers, select meltdown::linux_update.
- To update Windows servers, select meltdown::windows_update.
Select the appropriate parameter values for the task you selected. Hover over the information symbol for information about each parameter.
Click 'Review nodes'.
7. Run the task
Run the task against the affected servers. You can run the task against Windows and Linux servers at the same time.
8. Confirm the remediation
After your next security scan has synced into Remediate, use the search box in Remediate to confirm that Meltdown is gone.
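A node-level check to go with step 8, as an added example that is not part of the Puppet module or the original page: on Linux kernels that expose /sys/devices/system/cpu/vulnerabilities, it reads the kernel's own status for the three CVEs searched in step 1. The function names and the sample status strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Puppet module): read the kernel's mitigation
# report for the three CVEs from step 1 and flag anything not remediated.

# sysfs entry name -> CVE ID. The entries exist on Linux 4.15+ and on
# distribution kernels that backported the interface.
VULN_MAP="meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715"

# classify_status STATUS_LINE
# Prints one of: not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_cpu_vulns [DIR]
# Prints "CVE state raw-status" for each entry. Returns 1 if any entry is
# vulnerable or unreadable (for example, a kernel without the interface).
report_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for pair in $VULN_MAP; do
        name="${pair%%:*}"
        cve="${pair#*:}"
        if [ -r "$dir/$name" ]; then
            status="$(cat "$dir/$name")"
            state="$(classify_status "$status")"
        else
            status="(no $name entry in $dir)"
            state="unknown"
        fi
        case "$state" in vulnerable|unknown) rc=1 ;; esac
        printf '%s %s %s\n' "$cve" "$state" "$status"
    done
    return "$rc"
}

# Constructed sample data (not real scan output) so the example runs anywhere.
sample="$(mktemp -d)"
echo "Mitigation: PTI" > "$sample/meltdown"
echo "Mitigation: __user pointer sanitization" > "$sample/spectre_v1"
echo "Vulnerable" > "$sample/spectre_v2"
report_cpu_vulns "$sample" || echo "remediation incomplete on sample data"
rm -rf "$sample"
```

On a real Linux node, call `report_cpu_vulns` with no argument to read the live sysfs directory; a non-zero return means at least one of the three CVEs still needs attention.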