11 Jan Meltdown and Spectre
Towards the end of last year, two new security vulnerabilities, “Meltdown” and “Spectre”, emerged. In this email we would like to inform you about how you, and especially your jtel systems, may be affected.
How do these vulnerabilities work?
Meltdown and Specter are based on weaknesses in modern CPUs. They allow malicious code to access memory and data from other processes running on the system. Confidential information may also potentially be contained here.
Both programs affect all systems that work with Intel CPUs. According to current knowledge, an attacker must gain shell access to the system in order to use either Meltdown or Specter. However, root access is not required – a fact that makes these vulnerabilities all the more dangerous. Please note that shell access can be obtained in various ways – for example by using web apps that use PHP or CGI.
Is my jtel system affected?
At this time we assume that you have nothing to worry about.
The only application that is normally accessible from outside in a well-protected jtel installation is the web server / load balancer. Neither the jtel web application nor the load balancer uses any technology in the software stack that enables an attack using one of these security vulnerabilities. And this is mainly because the web application does not use shell access to provide any functionality.
However, if you are concerned that your jtel system could be attacked from your internal network, we can of course plan a patch.
Am I affected at all?
In short: yes. Some of the IT systems they operate will be affected in some way. But how dangerous this is will depend on the systems and software themselves and how easily accessible they are from outside.
Can I have my systems patched right now?
As stated above, we believe that neither Meltdown nor Specter can be used to affect your jtel system. Accordingly, we currently have no plans to patch our customer systems.
For systems where modifications are planned (new installations or software updates):
During the next planned revision of your jtel system, we will simultaneously arrange a patch of the operating system. Please note that we need your support to be able to make the necessary backups/snapshots.
If you would like a patch sooner:
Please contact us so that we can make you an offer and arrange a current patch delivery for your operating system.