RSS Feed
News
Feb
2
Posted by Bal√°zs Hadnagy on 2018 February 02 16:55

Dear Customers,

On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities allow an unprivileged local attacker to read privileged memory belonging to other processes or memory allocated to the operating system kernel. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715 are dubbed as
Spectre, while CVE-2017-5754 is known as Meltdown.

 

The exploitation of these vulnerabilities requires the attacker to be able running custom code on the affected devices. Even though the CPU and the underlying operating system in Balabit products may be affected, neither the PSM nor the SSB appliance allow running custom code, therefore they are not vulnerable to these attacks.

 

PSM and SSB products may be deployed as virtual machines. Make sure that the virtual hosting environment running Balabit products have the required security updates installed and are otherwise sufficiently secured.

 

Best regards,

 

BalaBit Support Team