January 17, 2018
On January 3rd, Google’s security researchers from Project Zero first reported a set of serious security vulnerabilities, named Meltdown and Spectre, involving computer processors from leading manufacturers including Intel, AMD and ARM. The researchers discovered that most modern processors allow unauthorized programs to observe privileged memory, circumventing expected privilege levels. PCs, mobile devices, and entire cloud infrastructures could be affected by these exploits.
Leading technology companies including Microsoft, Google, Amazon Web Services and others are making an industry-wide effort to minimize their impact due to the widespread nature of this vulnerability as most data center hardware runs a version of the affected processors.
Intel had already provided updates for most of its systems introduced within the past few years within a week of the initial report. There are no known exploits of this vulnerability and, because of the fast response by the technology industry to release patches, risk of this exploit was significantly minimized.
Strategic Insurance Software (SIS) is actively engaged with our industry partners to ensure all measures are being taken to protect our customers and their Partner XE data. Infrastructure services within our cloud architecture have already been patched, directly protecting against this vulnerability from a hardware perspective. We are taking additional steps to update the individual guest operating systems as soon as they are available from their respective vendors.
Security is a top priority for SIS. Our team is constantly working to monitor and prevent unauthorized intrusions and respond to exploits like Meltdown and Spectre in conjunction with our partners quickly to keep Partner XE users and data safe.
The CompTIA Security Trustmark+ is based on the NIST Cybersecurity Framework. Companies awarded the Trustmark undergo a 3rd party assessment of the policies, procedures, and operations in place to identify, detect, protect, respond to, and recover from security incidents.