A Meltdown vulnerability affecting computers running Intel chips was announced several days ago!
If you are using new machine, then there is a good chance that your machine might be vulnerable by a hardware-level chip bug. Meltdown affects a wide range of systems. Linux patches have already been distributed but as much as I understand we are still waiting for Microsoft patch. Microsoft security updates are released on the second Tuesday of each month. It is HIGHLY recommended to follow this website which brings the Microsoft's Patch Tuesday Update.
The exact information about the bug is still not published in public. In short the bug allows apps to access certain contents in protected kernel memory. In order to prevent the bug the system must implement Kernel page-table isolation, which fixes these leaks by separating user-space and kernel-space page tables. Unfortunately, fixing the issue in the software level might reduce performance dramatically.
This is a big deal and it affects clouds providers as well, who need to patch the systems. Any running service application can try to exploit this.
You can read more in Brandon Hill's post
SQL Server - update!
Protect SQL Server from attacks on Spectre and Meltdown side-channel vulnerabilities;
Follow Microsoft updates and make sure your machine is secured
Updates From wikipedia
- On January 25, 2018, the current status and possible future considerations in solving the Meltdown and Spectre vulnerabilities were presented.
- On March 15, 2018, Intel reported that it will redesign its CPU processors.