Spectre & Meltdown CPU Vulnerabilities

Name:
Spectre & Meltdown CPU Vulnerabilities
Tracking Number
2018-001
First Publish Date
5-Jan-2018
Date of Current Status
12-Jan-2018
Next Planned Update
22-Jan-2018
Description
Vulnerabilities in CPUs from select vendors could potentially allow access to protected memory.
What You Need to Know?
Security researchers reported discovering a flaw in Intel CPUs, and other CPUs, that, if properly exploited, can be used to retrieve data from memory locations outside of what would normally be allowed. These vulnerabilities, CVE-2017-5753 and CVE-2017-5715 (aka Spectre) and CVE-2017-5754 (aka Meltdown), are all rated medium with a local attack vector.
What Is Xerox Doing About This?
Xerox is actively assessing the situation and any possible impacts to Xerox products.
  • Xerox devices do not allow non-Xerox approved software to be installed onto a device. Software updates are digitally signed to prevent unauthorized modification, including insertion of malware.
  • Many Xerox products use specialized processors that are not Intel/ARM/AMD chips mentioned in the findings.
  • Xerox has engaged Intel and is actively investigating the impacts for the products which do utilize Intel processors.

We will continue to monitor the situation and act accordingly to protect the products we provide to you, both now and in the future.

Impact
In order to exploit any of these vulnerabilities, an attacker must be able to execute malware on an affected device. Xerox is not aware of any exploits to date. Based on current knowledge, the threat likelihood is low for Xerox products.
What Should You Do?
This notice will be updated as further information becomes available. Please visit https://www.xerox.com/Security for additional updates.

For Xerox Solutions that run on Windows and Linux platforms, you should refer to the operating system vendor's website to review and determine whether appropriate patches are necessary. Always consult with your IT department.