On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre— that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. At this time, the industry is unaware of any active exploitation but given the scope of these vulnerabilities, it is expected that exploits will be developed.
Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases. After patching, performance may be diminished by up to 30 percent. Rest assured we are following these vulnerabilities very closely and we will be patching your systems as needed. We will advise you of further updates as they become available. If you have any questions, please feel free to reach out to me.
More information can be found on these vulnerabilities below
TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance
- Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft's Advisory, and Mozilla's blog post for additional information and refer to their OS vendor for appropriate patches.
- You can find information on Apple devices here
- For a comprehensive summary on Meltdown and Spectre see: https://meltdownattack.com/
- For Amazon Linux information see: Amazon Linux AMI Security Center