Meltdown & Spectre Vulnerabilities in Modern CPUs

As you may be aware, there‘s a critical design flaw in practically all processors that allows malicious attackers to read the entire memory of a vulnerable system, including workstations, servers and mobile devices. This means an attacker can steal your sensitive computer data such as passwords, SSL keys and data files from affected systems. The issue boils down into; Meltdown, which at this point is a vulnerability that can be exploited locally and applicable to only Intel and some ARM chips; and Spectre, which is a vulnerability which can also be exploited remotely through a website with malicious JavaScript code against machines running any type of chips, including Intel, AMD, ARM, and likely every other processor.While there’s a lot of information still being released, it’s clear that these vulnerabilities are most critical in a public cloud (AWS/Azure/Google) environment where host systems are shared between multiple users.Egnyte customers are served from our data centers on an infrastructure that is fully owned and managed by Egnyte. Since this is not a shared infrastructure, the risk of Meltdown and Spectre is greatly reduced and external attackers can not use it against us or our users.Some concrete patches have been released by many vendors. As our number one priority, the security team at Egnyte has taken this very seriously, and we want to assure all our customers that we will actively be watching the developments and deploying the appropriate patches as soon as they’re made available.For Egnyte customers, here’s a summary of all activities that have been performed so far:

  • Patches against Meltdown for Linux and Windows (KPTI, formerly KAISER) have been deployed.
  • All instances of web browsers used for automated testing and such have been updated.
  • We’ll be releasing patches for our on-prem environments as soon as we complete performance testing that is currently underway.

Some recommendations to ensure your personal devices are safe:Microsoft has also released a patch to address exploits from Meltdown. However, they noted that, unless a registry key is updated by the antivirus package, installing the security patch can result in a blue screen of death (BSoD).Apple has already released mitigations in iOS 11.2, macOS 10.13.2. All users should ensure that they are running the latest versions of these.To protect against web based exploitation, users should ensure they have the latest versions of web browsers installed and for older versions of Chrome, it’s recommended to enable additional security flag: Egnyte Security Team is continually monitoring the latest news on Meltdown and Spectre vulnerabilities to ensure we stay up to date on all mitigations for Egnyte products, infrastructure as well as internal IT environment.You can get further details on these vulnerabilities here and here, and remember to update your desktop software daily as there may be more updates coming in to resolve these issues in depth.

Get started with Egnyte today

Explore our unified solution for file sharing, collaboration and data governance.

How Product Security Helps To Protect Your Data at Egnyte
April 3, 2024
Maciej Markiewicz
Read Article
Protecting Sensitive Data with Egnyte in Today’s Threat Environment
December 12, 2023
Dawid Balut
Read Article
Kris Lahiri

View All Posts
Don’t miss an update

Subscribe today to our newsletter to get all the updates right in your inbox.

By submitting this form, you are acknowledging that you have read and understand Egnyte's Privacy Policy

Thank you for your subscription!

Welcome to
Egnyte Blog

Company News
Product Updates
Life at Egnyte
Industry Insights
Use Cases