Background

Recently a pair of vulnerabilities have been disclosed that affect most computers around the world. These vulnerabilities have been named Meltdown and Spectre.

 

Meltdown is a hardware vulnerability affecting Intel x86 microprocessors and some ARM-based microprocessors. It allows a rogue process to read any physical, kernel or other process's mapped memory, regardless of whether or not it should be able to do so. (From Wikipedia).

 

Meltdown's CVE ID is CVE-2017-5754.

 

Spectre is a vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs' mapped memory. (From Wikipedia).

 

Spectre's CVE IDs are CVE-2017-5753 and CVE-2017-5715

 

Pharos Cloud Services

Pharos cloud services reside inside Amazon Web Services (AWS) and are protected from direct access by firewalls. These services do run on computers whose processes are affected by Spectre and Meltdown. AWS has patched all of their systems and all Beacon Cloud Platform operating systems have also been patched.

 

Pharos Omega Devices

Pharos Omega devices are secured devices and are not open to third party software execution. While Omegas are currently susceptible to both vulnerabilities, Pharos do not believe that this can be exploited at this time.

 

Pharos iMFP

Pharos iMFP software runs on OEM hardware provided by printer/copier manufacturers. These manufacturers will need to provide patches if required.

 

Pharos On-Site Software

All Pharos on-site software runs on customer or partner managed servers, and will need to be upgraded as patches become available. Pharos software itself is not vulnerable.

 

Pharos Internal Infrastructure

Patches are being applied to all operations and non-test devices on the Pharos internal network with anticipated completion by end of January 2018.

 

Recommendations

Apply your manufacturer and OS service packs and updates as soon as they are available.

 

As always, the Pharos security team is happy to any questions you may have.

 

Regards,

Pharos Security Team

Pharos Systems International

585-939-7000

pharossecurityteam@pharos.com