The P&N Technology Services Group would like to make you aware of the reported vulnerabilities known as Spectre and Meltdown affecting Intel, AMD, and ARM processors. There is no evidence of exploitation as of this notice, but the publicly available proof of concept could result in the vulnerabilities being developed for delivery through malware.
Spectre and Meltdown are attacks that exploit performance optimizations used by modern CPUs to access protected memory. Spectre has been verified on Intel, AMD, and ARM processors, while Meltdown appears to only impact Intel processors. The vulnerabilities affect all computing devices with these processors- servers, desktops, laptops, handheld/mobile devices, and hosted/cloud servers.
The primary risk from these exploits is sensitive data loss, such as extracting encryption keys or passwords from memory. Cloud hosted servers or virtual server hosts could be significantly impacted if an attacker exploits these vulnerabilities to break out of the isolation of a guest virtual host. It may also be possible to deliver exploit code via drive-by download to extract information from a web browser.
We strongly advise a metered approach to updating affected systems. You should follow standard for testing and deploying updates. You should also contact hosted service providers to confirm that platforms that store or process your corporate data are updated, especially those systems on shared hosting or infrastructure-as-a-service vendors.
If you have any questions or concerns about this notice, please contact the P&N Technology Services Group at 225-755-1258 or email our service portal at firstname.lastname@example.org.
Below are links to further information on Spectre and Meltdown. As always, if you have questions please contact your P&N professional.