60847: Acronis Access Advanced, MassTransit: Spectre and Meltdown vulnerabilities

use Google Translate

Applies to: 

Operating Systems: 

Last update: 05-06-2020

Acronis Access Advanced and Acronis Mass Transit are not directly affected by Meltdown or Spectre.

Introduction

Acronis will continue to monitor the vulnerabilities. This article will be updated with new information if such arises.

CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 - also known as Meltdown and Spectre - exploit critical vulnerabilities in modern processors. Meltdown and Spectre work on personal computers, mobile devices, servers and in the cloud. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of information stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, emails, instant messages and even business-critical documents.

Is Acronis Access Advanced or Acronis MassTransit affected?

Acronis Access Advanced and Acronis MassTransit are not directly affected by Meltdown or Spectre as they operate on a higher application layer. However, both products are installed on the Windows Server, Windows Desktop, Mac OS X, iOS and Android operating systems which are vulnerable and require the latest security patches.

We highly recommend that you install all the latest versions of your BIOS, operating system(s), browser(s) and virtualization software to keep your deployment safe.

Security Patches

Microsoft:

Windows 10, 8.1 and 7https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb405.... For more information - https://support.microsoft.com/en-us/help/4073119/protect-against-specula...

Edge and Internet Explorer 11 browsers - https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mit...

Windows Server (different versions) - https://support.microsoft.com/en-us/help/4072698/windows-server-guidance...

Apple:

macOS High Sierra, Safari and iOS 11.2 - https://support.apple.com/en-us/HT208394

Google:

Android - https://source.android.com/security/bulletin/2018-01-01

Chrome - https://www.chromium.org/Home/chromium-security/ssca

Others:

Firefox - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-cla...

Known Issues

Some of the Operating System security patches are known to cause issues with Anti-Virus software and older AMD processors. Please consult your vendor's recommendations before applying any patches.

Tags: