Security Update: Meltdown & Spectre

Resolved
Resolved

The Global Monitoring Point release yesterday includes the latest fixes specific to this issue.

AppNeta Operations continues to monitor for other impactful security risks as well as any subsequent patches related to these CVEs and will apply remediation as necessary.

If you have any specific concerns about your AppNeta deployment, please contact support.

Sincerely, AppNeta Operations

Updated

Since the identification of this issue, AppNeta Operations are rolling out patches to various systems as they become available. At this time, all AppNeta Performance Manager applications nodes and hosting infrastructure have been updated with the patches available.

Available patches for enterprise monitoring points have been included in the latest monitoring point release. If you have not configured your monitoring points to receive updates automatically, please review and ensure you have executed the latest monitoring point upgrade.

AppNeta Operations continues to monitor for other impactful security risks as well as any subsequent patches related to these CVEs and will apply remediation as necessary.

If you have any specific concerns about your AppNeta deployment, please contact support. (mailto:support@appneta.com)

Sincerely, AppNeta Operations

Recovering

AppNeta is aware of recently disclosed research regarding the side-channel analysis of speculative execution on modern computer processors (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) and is actively working to mitigate the related risk.

In summary, there are two related exploits which have been named Meltdown and Spectre. At a high-level Meltdown and Spectre exploit critical vulnerabilities in modern processors, allowing programs to access data from areas of memory which the program should not normally have access to. For example, a specific written piece of software running on a vulnerable computer could retrieve passwords from memory.

The AppNeta operations team is pushing out patches for application infrastructure and operating systems as they become available. Much of the underlying architecture has been patched. In addition to regularly applying necessary system patches for specific issues like this, AppNeta takes several other security precautions to ensure access to our application systems is restricted.

Please be aware that there may be short service disruptions over the next few days with little or no notice as these critical patches are deployed to our Cloud Application Nodes, Global Monitoring Points and Enterprise Monitoring Points.

If you have any specific concerns about your AppNeta deployment, please contact support: https://tickets.appneta.com

Sincerely, AppNeta Operations

Began at: