Meltdown & Spectre Security Vulnerabilities

SUMMARY

iWeb Technologies has become aware of security vulnerabilities affecting most known processors. These vulnerabilities were recently exposed by various security experts.

These vulnerabilities have been dubbed Meltdown and Spectre.

                              meltdown.png                 spectre.png         
"These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."- meltdownattack.com, January 5th, 2018

In most cases, local access to the computer is required to exploit these vulnerabilities. At the time of this writing, there are no known attempts to exploit these vulnerabilities.

A potential attacker with unauthorized access could execute malicious code through other applications to access memory from other processes.

Following industry best practices, iWeb strongly recommends that customers keep their operating systems up to date and ensure that security updates are performed and vendor recommended patches are installed as well.

FIX

Listed below are links from vendors on how to patch the most popular server operating systems including

Ubuntu
Centos
Red Hat Entreprise Linux
Debian
Windows Server
VMWare

For operating systems not listed above, customers should contact their vendor for instructions and more information to address these vulnerabilities.

FIX IMPACTS

Industry feedback has indicated that there is a potential for performance impacts as a result of some patches. The reported impacts vary from minimal to noticeable latency on databases. iWeb does not have precise impact details at this time. We will continue to monitor the information available for these vulnerabilities.

TECHNICAL INFORMATION

For more information and in-depth details please visit https://meltdownattack.com

Official CVE's reported:
CVE-2017-5754
CVE-2017-5753
CVE-2017-5715

NEXT STEPS
iWeb takes all vulnerabilities seriously. We are taking precautionary steps internally and with all partners and vendors regarding mitigation.

Information about these vulnerabilities is still developing and iWeb is in constant communication with its partners and vendors.

iWeb will keep its customers updated as more information becomes available.

As additional information is made available, this page will be updated.

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk