Login
    Contents x
    Pharos Beacon Infrastructure Upgraded To Remove Vulnerability to Meltdown/Spectre.Other Services Not Directly Vulnerable.
    • 05 Apr 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Pharos Beacon Infrastructure Upgraded To Remove Vulnerability to Meltdown/Spectre.Other Services Not Directly Vulnerable.

    • Updated on 05 Apr 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Background

    Recently a pair of vulnerabilities have been disclosed that affect most computers around the world. These vulnerabilities have been named Meltdown and Spectre.

    Meltdown is a hardware vulnerability affecting Intel x86 microprocessors and some ARM-based microprocessors. It allows a rogue process to read any physical, kernel or other process's mapped memory, regardless of whether or not it should be able to do so. (From Wikipedia).

    Meltdown's CVE ID is CVE-2017-5754.

    Spectre is a vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs' mapped memory. (From Wikipedia).

    Spectre's CVE IDs are CVE-2017-5753 and CVE-2017-5715

    Pharos Cloud Services

    Pharos cloud services reside inside Amazon Web Services (AWS) and are protected from direct access by firewalls. These services do run on computers whose processes are affected by Spectre and Meltdown. AWS has patched all of their systems and all Beacon Cloud Platform operating systems have also been patched.

    Pharos Omega Devices

    Pharos Omega devices are secured devices and are not open to third party software execution. While Omegas are currently susceptible to both vulnerabilities, Pharos do not believe that this can be exploited at this time.

    Pharos iMFP

    Pharos iMFP software runs on OEM hardware provided by printer/copier manufacturers. These manufacturers will need to provide patches if required.

    Pharos On-Site Software

    All Pharos on-site software runs on customer or partner managed servers, and will need to be upgraded as patches become available. Pharos software itself is not vulnerable.

    Pharos Internal Infrastructure

    Patches are being applied to all operations and non-test devices on the Pharos internal network with anticipated completion by end of January 2018.

    Recommendations

    Apply your manufacturer and OS service packs and updates as soon as they are available.

    As always, the Pharos security team is happy to any questions you may have.

    Regards,
    Pharos Security Team
    Pharos Systems International
    585-939-7000
    pharossecurityteam@pharos.com

    Was this article helpful?
    Related articles
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout