CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 aka Spectre & Meltdown Mitigation

Discussion in 'General Questions' started by G.Oei, Jan 12, 2018.

  1. G.Oei

    G.Oei Junior Member

    Messages:
    10
    Meanwhile all CPU manufacturers, all OS Developers and VM-Ware have reacted and published informations and solutions as well as bugfixes on
    CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 aka Spectre & Meltdown

    Why aren't there any informations nor fixes for Parallels?
     
    Obi-Wan, JoachimI and JohnH29 like this.
  2. JoshS4

    JoshS4 Bit poster

    Messages:
    1
    I'll second this - I'd like to at least see an ETA for implementation of the mitigations.
     
    Obi-Wan and JohnH29 like this.
  3. MikeB13

    MikeB13 Bit poster

    Messages:
    3
    Asked in this thread also : https://forum.parallels.com/threads/parallels-desktop-and-intel-bug.343408/ last Saturday and no answer there either. Even if the answer was something like "mitigated in OS and not a Parallels issue", I would hope someone would chime in with that. And odd no one else is asking. Parallels is used in a lot of corporate environments and we are all reporting remediation statuses up the chain, and my status for my Windows guest is "not sure when".
     
  4. Especially since VMWare has published extensive information on the issue and their remediation steps, and already has fixes out.
    I've moved all my development VMs over to Fusion ... and the performance hit (at least for me) due to Meltdown and Spectre under VMWare is minimal. I'll probably stay there.
     
  5. G.Oei

    G.Oei Junior Member

    Messages:
    10
    When I don't get an answer on this by next week, I'll move my 5 Systems with about 15 different VMs to Fusion - and stay there and cancel all Parallels Subscriptions.
     
  6. G.Oei

    G.Oei Junior Member

    Messages:
    10
    Still no reaction? Really?
     
  7. G.Oei

    G.Oei Junior Member

    Messages:
    10
    Sorry guys, with no reaction on that relevant topic -> please cancel all my current parallels subscriptions.
    I have startet to migrate to VMware (server & desktops)
    Thank you.
     
  8. G.Oei

    G.Oei Junior Member

    Messages:
    10
    not really an answer:
    Parallels_Twitter_180119.jpeg
     
  9. Obi-Wan

    Obi-Wan Junior Member

    Messages:
    17
    I need to read up more on this, but if someone can explain to me:
    1. Is it necessary that just the guest OSes are patched, or does Parallels in fact need its own patch independent of that?
    2. So both the guest OSes and Parallels-independently-must be prevented from accessing memory that they shouldn't be?
    3. Why does this apply to virtualization software (like Parallels) and not other applications? Is it assumed that only virtualization software, and not other applications, has access to certain areas of the host machine/memory? How can a user tell if this is the case?
    4. Has there been any update in the last 2 months from Parallels on this?

    Thanks!
     
    Last edited: Mar 22, 2018
  10. I've decided that
    1. Apple seems to have quietly patched OSX and Safari to minimize the danger.
    2. VMWare indicated that Fusion on OSX is not impacted so I suspect Parallels on OSX is not impacted. Probably only systems that are on the 'bare metal' are vulnerable.
    ergo - I am not going to spend anymore time worrying about it. Just my two cents --- YMMV
    I moved everything back to Parallels since the OSX folder, file, and desktop integration is WAY better and performance for multiple core systems seems to be better than either VirtualBox or VMWare.
     

Share This Page