-
Title
Meltdown and Spectre (CPU Vulnerability) for Quest On Premise based products -
Description
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
-
Resolution
Due to the nature of the vulnerabilities which reside very low in the platform stack our products are installed on, our on-premises solutions are indirectly affected.
Only hardware and/or OS level patches provided by the platform providers (Intel, ARM, Microsoft, VMWare) can mitigate or remediate the issues and no code changes are required from our side at this time.
As customers upgrade their infrastructure, Quest will stay vigilant for any potential performance impact as a result of the patches on heavy loaded systems such as database server.
For more information on these two exploits and patching information see the following:- Official Release: https://meltdownattack.com/
- Intel: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
- Microsoft:
- VMWare: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- Google: https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html