Meltdown and Spectre - Processor Speculative Execution Vulnerabilities (Windows)

Overview

This article applies to Windows based controllers. For Linux RT based systems, see here.

NI is aware of the side-channel analysis vulnerabilities described in CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 known as Meltdown, Spectre, and Foreshadow, affecting many modern microprocessors. We are working with our silicon suppliers and OS vendors to ensure that our products include the appropriate mitigations. Presently, we are unaware of cases where these vulnerabilities have been used maliciously.

Contents

Further Information

The Meltdown and Spectre vulnerabilities are unspecific to any one vendor and take advantage of techniques commonly used in most modern processor architectures. This means a large range of products are affected. Mitigations could include updates to both OSs and firmware (BIOS).

NI recommends customers follow security best practices to protect against exploitation of vulnerabilities. These practices include adopting software updates, avoiding unrecognized hyperlinks and websites, not downloading files or applications from unknown sources, and following secure password policies. 

NI has observed some negative system performance impact from applying the mitigations. Generally, performance degradation is in line with reports from the industry. In some cases, the impact could be significant but is specific to the application. The “Switch | Registry Settings” section of this Windows Support article describes how to enable or disable the Meltdown/Spectre mitigations. Note: If you disable the mitigations and then apply a Windows update from Microsoft, you may need to restart your computer twice to ensure that the mitigations remain disabled.

The “Verifying that protections are enabled” section of this Windows Support article can help identify whether the mitigations have been applied successfully.

 

Mitigation Guidance

Depending on the controller you are using, you may need to perform one or both of the following steps:
 

  1. Apply the BIOS update provided by NI for your controller. Refer to the "Affected Products" section below.
  2. Apply the OS patch provided by Microsoft.
     

Note: BIOS updates are unavailable for some older controllers, for which NI's component suppliers are not providing updates. For example, refer to Intel’s Microcode Revision Guidance.

 

Affected Products

 

PXI/PXI Express Controller List

Controllers Mitigation Variant 2, 3a, & 4, and Foreshadow (As of 3/12/2019)
PXI-8102 No update available
PXI-8108 No update available
PXI-8109 1.2.4f2
PXI-8110 No update available
PXI-8115 1.0.2f0
PXI-8119 1.9.1f0
PXI-8820 1.0.1f0
PXI-8840 Dual Core 2.0.3f0
PXI-8840 Quad Core 2.0.1f1
PXIe-8102 No update available
PXIe-8108 No update available
PXIe-8115 1.0.2f0
PXIe-8130 No update available
PXIe-8133 No update available
PXIe-8135 1.2.5f1
PXIe-8820 1.2.1f0
PXIe-8821 2.1.2f0
PXIe-8840 Dual Core 2.1.2f0
PXIe-8840 Quad Core 2.1.2f0
PXIe-8861 Ships with BIOS mitigations enabled
PXIe-8880 2.1.1f0

 

CompactDAQ/CompactRIO/Vision/OEM Controller List

Controllers Mitigation Variant 2, 3a, & 4, and Foreshadow (As of 3/12/2019)
cDAQ-9132 1.3.1f0
cDAQ-9133 1.3.1f0
cDAQ-9134 1.3.1f0
cDAQ-9135 1.3.1f0
cDAQ-9136 1.3.1f0
cDAQ-9137 1.3.1f0
cDAQ-9138 1.2.4f2
cDAQ-9139 1.2.4f2
cRIO-9081 1.2.4f2
cRIO-9082 1.2.4f2
CVS-1458 1.3.0f0
CVS-1459 1.3.0f0
IC-3120 1.3.1f100
IC-3121 1.3.1f100
IC-3171 1.1.2f0
IC-3172 1.1.2f0
IC-3173 1.1.2f0
RMC-8354 No update available
RMC-8355 No update available
RMC-8356 No update available
RMC-8357 No update available
TPC-2230 No update available