Vulnerabilities Meltdown and Spectre and mitigation plan
1 - Overview of the risk:
- Meltdown (CVE-2017-5754) breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory.
- Spectre (CVE-2017-5753 and CVE-2017-5715) tricks other applications into accessing arbitrary locations in their memory.
- Desktop, Laptop, and Cloud computers may be affected by Meltdown but almost every system is affected by Spectre, including Smartphones.
- Currently the severity is globally defined as “Important” as there is no known attacks yet that could exploit such vulnerabilities.
2 - Mitigation plan:
- While all software vendors will release patches and advisories, an action plan must be established in order to implement those patches in your environment taking into account potential impacts on performance.
- POST is aware of the risks related to cybersecurity and is actively following all new vulnerabilities.
- POST is committed to mitigate the risks of its products and services and keeps its customers individually informed of any patching actions that are to be done in the following days and weeks.