Meltdown and Spectre Exploit Advisory - Inuvika

Meltdown and Spectre Exploit Advisory

Inuvika Update Regarding CVE-2017-5754, CVE-2017-5715 and CVE-2017-5753 (Spectre and Meltdown Security Flaws)

Overview

Recently, new security-related issues have been identified impacting Intel, AMD, and ARM-based CPU architectures.

While the nature of these issues is hardware-related, Inuvika continues to review the potential impact on OVD Enterprise. This update is intended to advise our customers and partners on currently-known courses of action that can be taken to mitigate possible risks.  Inuvika will provide additional updates if direct impacts on OVD are identified.

Impact on OVD Enterprise

Inuvika believes that currently-supported versions of OVD Enterprise are not directly impacted by the known security issues.

However, the security issues can be exploited both locally (I.e. Within the same OS) and through the virtualization guest boundary.   Therefore, underlying CPU firmware, hypervisor, Guest Operating Systems, cloud platforms, and other third-party components that are part of an OVD Enterprise environment may require updates. 

Known Status of Third Party Components

Current Recommendations for OVD Enterprise Customers

  1. Prior to beginning your update, pause and create an overall plan.  Evaluate each individual component of your OVD environment and identify the necessary steps that must be taken.  Inuvika recommends that you prioritize the following:
    1. Hypervisor appliances and server hardware that host OVD
    2. Guest Operating Systems
    3. Backend systems (directory, storage, and application server hardware; and their Operating Systems)
    4. Applications residing on your application servers
  1. Contact your hardware or software OEM providers for the most up-to-date information and available patches.
  1. Apply the recommended patches. After a patch has been applied, verify that the component is performing as expected.
  1. In addition, client devices, their Operating Systems, and applications that access your OVD environment may require updates.  We recommend you contact your device OEMs for further instruction.