In light of the recently discovered Meltdown and Spectre vulnerabilities, Krescendo is applying patches.
- All employee workstations have been patched.
- We urge our customers to apply critical security updates to their operating systems and browsers on their workstations and devices.
These vulnerabilities are not considered a critical remote security risk, as they can only be exploited by malicious code or applications on the server. Strict access controls on servers hosting client web applications and data mitigate the risk of these vulnerabilities being exploited.
However, Krescendo is applying the critical security updates to these servers as soon as possible.
The exact scheduling of updates will depend on agreed maintenance windows for each client. Please contact your account manager if you want confirmation.
For more details of the vulnerabilities see: meltdownattack.com.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
- CERT Vulnerability
- Red Hat: Kernel Side-Channel Attacks
- Red Hat: Speculative Execution Exploit Performance Impacts
- Red Hat: Controlling the Performance Impact of Microcode and Security Patches
If you have any questions, please contact your account manager.