CVE-2018-7112

Name of the Vulnerable Software and Affected Versions HPE Windows firmware installer versions prior to the updated versions released in system ROM and HPE Integrated Lights-Out (iLO) releases documented in HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831

Description The issue allows local disclosure of privileged information. It was resolved in previously provided firmware updates. The updated HPE Windows firmware installer was released in system ROM and HPE Integrated Lights-Out (iLO) releases, which also addressed the original Spectre/Meltdown set of vulnerabilities.

Recommendations For HPE Windows firmware installer versions prior to the updated versions, update to the system ROM or iLO versions described in the HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831 to resolve the issue. Windows-based systems that have already been updated to the system ROM or iLO versions described in these security bulletins require no further action.