What risk does Meltdown and Spectre put you in?
Security researchers at Google have discovered security vulnerabilities that basically impacts every x86 CPU manufactured since 1995. These vulnerabilities are known as Meltdown and Spectre. The collectively impact Intel, AMD and some ARM CPUs
This is still a developing situation, but due to the potential of the vulnerabilities, and the wide range of CPUs impacted by them, Tenzing is taking measures to protect customers.
What are Meltdown and Spectre?
Meltdown and Spectre are bugs that allow data to be exposed that should not be. All Intel CPUS are considered impacted. It is important to note that there has been no evidence that this has been exploited outside of research labs. For general and technical details, as well as answers to other common questions, please visit: https://meltdownattack.com
Who is impacted by Meltdown and Spectre?
Any device manufactured in the past 20 years, including every Intel CPU in the world, across servers, clouds, home PCs etc, are at risk due to these vulnerabilities. Even some cellphones are at risk.
Am I at risk?
We are not aware of any evidence at this time to suggest that an exploit for these vulnerabilities exists in the wild. Tenzing, along with all the rest of the industry, are monitoring and will respond appropriately if this situation changes.
How is Tenzing protecting its customers?
Our engineers are actively working with our vendors to protect customers and systems from these newly disclosed vulnerabilities. All operating system vendors are in the process of releasing patches, and we anticipate these to become available within the days and weeks to come. In addition to operating system patches, there are firmware (BIOS) and CPU code (microcode) updates expected to follow.
What is Tenzing doing for customers, exactly?
As patches become available, we will be testing them thoroughly. We will focus efforts on internal systems and shared infrastructure used by our customers (e.g. Portal, shared Everest, SAN etc). Our engineers are working diligently and hastily to formulate an action plan to patch systems that minimizes the impact to our customers.
What else should I know?
It’s important to note that due to the complexity of Meltdown and Spectre vulnerabilities, it will take time for researchers and vendors to fully understand impact and patches needed to resolve the vulnerability.