Spectre and Meltdown Information
Last Updated: 02/20/2018 3:40pm

Overview

Meltdown and Spectre are a group of three vulnerabilities discovered in 2017 and publicly announced January 3, 2018. Each of these vulnerabilities is exploited using a different attack vector, but all three arise from speculative execution in the processor.

Meltdown and Spectre have been described as "catastrophic" by security analysts and have received extensive press coverage. Operating system and microprocessor vendors have been very responsive and rushed out patches and updates very quickly, but these initial patches caused issues with CPU performance degradation and spontaneous server reboots. Consequently, many of our customers have contacted us seeking information and recommendations regarding the patches.

In order to provide the most timely information, we have created this web page, which will be updated as new information becomes available.

It is important to note that the speculative execution vulnerabilities are a result of inherent weaknesses in microprocessor functionality and are mitigated through a combination of firmware provided by the microprocessor vendor and operating system updates provided by the operating system (OS) vendor. Since Meltdown and Spectre are not related to SecureLogix software applications, no software updates or upgrades to our applications apply to these vulnerabilities.

 

Status and Patches

Spectre and Meltdown consist of three separate vulnerabilities, as noted in the following table.

| Vulnerability | CVE | Exploit Name | Public Vulnerability Name | Patch Method |
|---|---|---|---|---|
| Spectre | 2017-5753 | Variant 1 | Bounds Check Bypass | OS |
| Spectre | 2017-5715 | Variant 2 | Branch Target Injection | OS/Firmware |
| Meltdown | 2017-5754 | Variant 3 | Rogue Data Cache Load | OS |
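
To confirm which of the three variants a patched Linux server reports as mitigated, the following added example (not SecureLogix code) reads the kernel's per-vulnerability status files. It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities; the function names check_variant and report are hypothetical.

```sh
#!/bin/sh
# Added example: report kernel mitigation status for the three variants
# listed in the table above. Assumption: the running kernel provides the
# sysfs status files; on a kernel without them the result is "unknown".

# check_variant DIR FILE
# Prints one of: mitigated | vulnerable | not-affected | unknown
check_variant() {
    f="$1/$2"
    if [ ! -r "$f" ]; then
        echo unknown            # no status file: kernel lacks the interface
        return 0
    fi
    state=$(cat "$f")
    case "$state" in
        "Not affected"*) echo not-affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;   # includes partial mitigations
        *)               echo unknown ;;
    esac
}

# report [DIR]
# Prints one line per variant; returns non-zero if any variant is neither
# mitigated nor not-affected.
# Usage: report                 (reads the live sysfs directory)
report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    # file : CVE : patch method (from the table above)
    for entry in "spectre_v1:CVE-2017-5753:OS" \
                 "spectre_v2:CVE-2017-5715:OS/Firmware" \
                 "meltdown:CVE-2017-5754:OS"; do
        file=${entry%%:*}; rest=${entry#*:}
        cve=${rest%%:*};   method=${rest#*:}
        result=$(check_variant "$dir" "$file")
        printf '%-11s %-14s patch=%-12s %s\n' "$file" "$cve" "$method" "$result"
        case "$result" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

A result of "unknown" means the kernel does not report status through this interface, not that the system is patched.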

 

Mitigation Recommendations

General

The specific recommendations and support provided by SecureLogix depend on the product and hosting method, as described in the following sections.

Customer-Owned and Managed ETM® Servers

The SecureLogix® Customer Support service offering does not include furnishing or installing operating system software updates and upgrades. SecureLogix customers will need to obtain and install updates to mitigate Spectre and Meltdown themselves. That said, SecureLogix customer support is ready to provide technical support and assistance with the ETM System software applications.

Our general recommendation for all security vulnerabilities is that customers should follow their established policies for applying security patches and updates, and this is no different for Spectre and Meltdown.

Reports of performance degradation and reliability issues with the Spectre and Meltdown patches have caused many organizations to delay installing those updates. SecureLogix software applications and the servers they run on are neither more nor less susceptible to these reported issues. Therefore, SecureLogix customers will want to stay up to date with the rapidly changing status of the microprocessor and operating system vendors' patches in order to make an informed decision on when to update.

ETM® MSSV Customers with On-Premise ETM® Management Servers

The Managed Security Service for Voice (MSSV) includes remote installation of software updates and upgrades for SecureLogix software applications. It does not include installation of OS or BIOS upgrades. Consequently, MSSV customers should follow the guidance described in the preceding section for "Customer-Owned and Managed ETM Servers."

Hosted ETM® Server Customers

ETM hosting service customers are entitled to both ETM software and operating system updates and upgrades.

ETM hosting services are implemented in Amazon Web Services (AWS). AWS has already updated their hypervisor for all server instances as well as each of the ancillary services that we use to support ETM Management servers. Customers who need more detailed information about AWS's response to the Spectre and Meltdown vulnerabilities should refer to this page for the latest information.

SecureLogix has applied the most current Spectre and Meltdown patches to the CentOS operating system on the individual ETM Management Server instances for all customers. SecureLogix will continue to monitor announcements and install updates as required.

PolicyGuru® Solution Customers

PolicyGuru Solution customers with Managed Services contracts are eligible for both product and operating system updates and upgrades.

SecureLogix testing with the initial Linux operating system patches resulted in a dramatic degradation of performance that would have rendered PolicyGuru systems inoperative. However, preliminary test results with the newly released patches look very promising.

We will not be ready to recommend installation of the patches until completion of testing, but we expect to be ready to begin scheduling customer updates no later than Monday Feb 26, 2018.

 

For Additional Information

Please contact SecureLogix Customer Support.

Phone: 1-877-752-4435

Email: supportteam@securelogix.com

Web: https://support.securelogix.com/support-request.htm

 

 


© Copyright 1999-2018 SecureLogix Corporation. All Rights Reserved.