Meltdown (Rogue Data Cache Load/CVE-2017-5754) and Spectre (Bounds Check Bypass; CVE-2017-5753, Branch Target Injection / BTI; CVE-2017-5715) are vulnerabilities found on processors. They can be exploited by malicious applications run locally on those processors/computers. As of this post writing today 9-Feb-2018 there are no reported cases of Meltdown and Spectre being exploited in the wild.
As an Endpoint Protector customer you are indirectly affected by Spectre and Meltdown. Endpoint Protector (the server part) is running usually as a Virtual Appliance or as an Endpoint Protector Hardware Appliance.
In the case:
- If you use an Endpoint Protector Hardware Appliances please contact our support team and they will assist you to apply the latest patches to the Ubuntu Operating System.
- If you use an Endpoint Protector Virtual Appliance please patch your hypervisor (such as Vmware EXSi, etc.) so it addresses these vulnerabilities.
- For your Endpoints on which you are running the Endpoint Protector Agent/Client follow the update procedures by the Operating System makers to address these vulnerabilities.
Please note Operating Systems like Ubuntu have released a number of patches to address these vulnerabilities and keep adding and changing patches.
Here some more details how Ubuntu is addressing these vulnerabilities:
https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know/
New Endpoint Protector Hardware Appliances ship with the latest patches, however for older appliances please reach our support to address these.
