Watercooler news to discuss with friends, coworkers and more by Computer Resources
January 3, 2018: Notice of Vulnerability CVE-2017-5733, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown)
Meltdown and Spectre Side Channel Vulnerabilities
On January 3, a set of vulnerabilities known as Meltdown and Spectre were announced. These vulnerabilities effect many modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. At this time, the industry is unaware of any active exploitation but given the scope of these vulnerabilities, it is expected that exploits will be developed.
How does this affect Computer Resources Inc. solutions?
Computer Resources products use several different operating systems and operating environments. We are in the process of evaluating the impact and applying appropriate remediation including patches and firmware upgrades.
For the Computer Resources monitoring service and for our backup product, it is important to note that although technically they have the same vulnerability, they are implemented on dedicated and hardened infrastructure making them closed systems and are not directly exploitable.
A General Word About Patching
For those on virtual environments, it is important to patch the hypervisor. Patching of the secondary operating systems is a best practice.
The Computer Resources Inc. service cloud products and backup products run on closed systems, which are less exploitable; however, we will provide updated versions with the latest OS patch. No action is required as all updates will be handled by the Computer Resources Inc.Ops team.
Jan 5 UPDATE: For Clients
IMPORTANT: Microsoft patches require a compatible version of Anti-virus (AV) in for the patch to run successfully. Check with your AV vendor to ensure you have the correct AV version to avoid any unwanted outcomes.
If Computer Resources provides your AV: We are currently in investigation and compatibility testing for AV Defender and Managed Anti-virus (MAV) and we will keep you informed on the progress and when to proceed with patching. Please check back here for updates.
This notification will be updated as we receive new information on improved, patches, AV compatibility or any other information as it becomes available.
For additional information, please refer to any of the links below:
- Homeland Security US-CERT
TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance
- Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft's Advisory, and Mozilla's blog postfor additional information and refer to their OS vendor for appropriate patches.
- You can find information on Apple devices here
- For a comprehensive summary on Meltdown and Spectre see: https://meltdownattack.com/
- For Amazon Linux information see: Amazon Linux AMI Security Center