On January 3, 2018, an industry-wide hardware-based security vulnerability was disclosed. CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre, and CVE-2017-5754 is the official reference to Meltdown.
To exploit this vulnerability, specific code must be run on a CPU. The hosted EventTracker SIEMphonic service is provided from our own data center, and does not use compute-as-a-service from providers such as AWS EC2 or Azure who allow customers to run arbitrary code on the provided compute service.
Keeping our customers and their data secure is always our top priority. EventTracker continually tests and monitors our systems for vulnerabilities such as this, using our own products and services. The unknown process feature in EventTracker is expressly designed to detect and surface first-time-seen code execution. We have taken active steps to ensure that no EventTracker customer is exposed to these types of vulnerabilities. At the time of this posting, EventTracker has not received any information to indicate that these types of vulnerabilities have been used to attack the SIEMphonic infrastructure or in any way impact the integrity of customer data stored with the SIEMphonic service.
EventTracker does not use a third-party compute-as-a-service offering, so we don’t allow arbitrary code to be run on our servers. As such, security vulnerabilities that require specific code to be run on the same server as the exploited service pose less of a threat to EventTracker’s service and the data stored therein than those services and data stores utilizing shared servers at large cloud hosting facilities. With that said, EventTracker is constantly evaluating the server vendor patches that are relevant to server components used, and we will test and roll out these patches as they become available.
At our Security Operations Center we are patching on all workstations to address Meltdown and Spectre vulnerabilities. Specifically, we are:
- Updating anti-virus to the latest version to make it compatible with Microsoft patches. Microsoft has identified a compatibility issue with a number of antivirus software products.
- Installing Microsoft cumulative patch on all workstations
- Installing the latest BIOS update on the workstations
- Updating Chrome and Firefox browsers to the latest versions
We will post more updates here, as they become available. More details about these vulnerabilities are available. Learn more about the Meltdown and Spectre vulnerabilities.