To All,

There is a good amount of attention already circulating related to the Spectre & Meltdown Vulnerabilities.  With the high likelihood of expanded media attention over the next few days I wanted to share some information.


The following site has a good overview and links to some detailed information.


Below are some of the key take-aways:
These vulnerabilities are hardware based and will impact most computers & servers (Windows, Mac, and Linux).
The vulnerabilities can be exploited to collect information directly from memory (including passwords, encryption keys, and other sensitive information).
Patches are being released but carry some cautions.
Windows patches will not run on systems with in-compatible Anti-Virus (many are not currently compatible). 
The patch can impact performance of the system.
Virtualized and Cloud environments present higher potential risk due to the nature of the data exposure.
The potential impact of these vulnerabilities is likely to evolve and grow as time continues.

Implement patches as they become available.
Monitor systems for performance & security concerns.
Check with key software providers/vendors (cloud solutions) on their exposure and mitigations.
Be watchful for continuing developments.


Mark Ackerly, CISM | Information Security Officer 

The University of Vermont

P: 802-656-1174 | [log in to unmask]