Pharos Beacon Infrastructure Upgraded To Remove Vulnerability to Meltdown/Spectre.Other Services Not Directly Vulnerable. - June 2020
  • 05 Apr 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

Pharos Beacon Infrastructure Upgraded To Remove Vulnerability to Meltdown/Spectre.Other Services Not Directly Vulnerable. - June 2020

  • Dark
    Light
  • PDF

Article summary

Background

Recently a pair of vulnerabilities have been disclosed that affect most computers around the world. These vulnerabilities have been named Meltdown and Spectre.

Meltdown is a hardware vulnerability affecting Intel x86 microprocessors and some ARM-based microprocessors. It allows a rogue process to read any physical, kernel or other process's mapped memory, regardless of whether or not it should be able to do so. (From Wikipedia).

Meltdown's CVE ID is CVE-2017-5754.

Spectre is a vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs' mapped memory. (From Wikipedia).

Spectre's CVE IDs are CVE-2017-5753 and CVE-2017-5715

Pharos Cloud Services

Pharos cloud services reside inside Amazon Web Services (AWS) and are protected from direct access by firewalls. These services do run on computers whose processes are affected by Spectre and Meltdown. AWS has patched all of their systems and all Beacon Cloud Platform operating systems have also been patched.

Pharos Omega Devices

Pharos Omega devices are secured devices and are not open to third party software execution. While Omegas are currently susceptible to both vulnerabilities, Pharos do not believe that this can be exploited at this time.

Pharos iMFP

Pharos iMFP software runs on OEM hardware provided by printer/copier manufacturers. These manufacturers will need to provide patches if required.

Pharos On-Site Software

All Pharos on-site software runs on customer or partner managed servers, and will need to be upgraded as patches become available. Pharos software itself is not vulnerable.

Pharos Internal Infrastructure

Patches are being applied to all operations and non-test devices on the Pharos internal network with anticipated completion by end of January 2018.

Recommendations

Apply your manufacturer and OS service packs and updates as soon as they are available.

As always, the Pharos security team is happy to any questions you may have.

Regards,
Pharos Security Team
Pharos Systems International
585-939-7000
pharossecurityteam@pharos.com


Was this article helpful?


Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.