Contact Us   |   Sign In   |   Register
Community Search
Meltdown and Spectre Vulnerabilities
Share |

 

 

 

As you may already be aware, the recent discovery of the Meltdown and Spectre vulnerabilities point to a potentially significant security risk.  OSHEAN is providing this information as a synopsis of the current situation.  We have also embedded communications from our cloud partner, Navisite, which details their current activities on the subject. 


Summary:

Computer researchers have recently discovered that the main chip in most modern computers—the CPU—has a hardware bug. These bugs, if exploited, could allow hackers to access data stored in the memory of a computer. The bugs - known as Meltdown and Spectre- affects almost every computer.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.  If  malicious software is running on the computer, hackers can gain access to passwords, emails, instant messages and sensitive information.

Impact:
Patches to mitigate the risks posed by the exploits are available from some vendors, and others will release patches soon.

Recommendations:
Review the US Computer Emergency Readiness Team (US-CERT) guidance for vulnerabilities here.   
Ensure all computers are up-to-date with currently available patches.  
Review tools developed by Intel and Linux to detect and mitigate these vulnerabilities for 
Windows and Linux.  

 

 Navisite Client Advisory:

Meltdown & Spectre CPU Vulnerability 

Current Status:

Navisite is continuing to actively engage with multiple partners (HP, VMware, Fujitsu, Microsoft, RedHat, Cisco, Citrix, Oracle, Commvault, etc.) in order to plan appropriate actions to address the Meltdown & Spectre CPU vulnerabilities. As of today, most software partners have not fully assessed the vulnerability. We will continue to work with our partners as they evaluate the vulnerability and develop their recommendations. We will also assess the impact of applying multiple patches from multiple partners on the complete hardware/software/services stack at Navisite. We understand the implication of this type of work. As we build the client specific plans to address, we will continue to send individual notifications and change windows as required. Work on this will continue over this weekend with the next update planned for Monday January 8th. 

 

Previous Update:Navisite is investigating the impact of the recent advisories (see list below) that could be impacting multiple platforms/systems across the globe. We are actively working with our partners to understand the implications and developing necessary remediation plans to protect our clients.
As we develop actionable remediation plans, we will be providing updates and your Service Manager will work with you to coordinate remediation activities and timetables.

Advisory(links):


https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities


https://meltdownattack.com/


https://spectreattack.com/

 

 

more Events Calendar

10/19/2018
Small School Technical Meeting

10/30/2018
CIO Forum

Did You Know?

Association Management Software Powered by YourMembership  ::  Legal