Unify Recommendations on Meltdown and Spectre CPU Vulnerabilities

There has been recent global press coverage reporting several security vulnerabilities in the hardware CPUs of IT devices (Servers, Workstations or other IT devices) known as Meltdown and Spectre. These two vulnerabilities apply to all modern processors (Intel, AMD, ARM, etc.) and consequently are present in all computing devices and operating systems. For users of Unify products and servers, Unify have provided a statement of recommended actions. This statement will be updated as new information becomes available.

Unify products operate as closed systems, where only approved software is active. This dramatically reduces the risk of the Spectre & Meltdown vulnerabilities to a low level where we can recommend that proactive patching of the operating systems, to mitigate risks associated with Spectre & Meltdown, is not necessary and not recommended at this point.

When Unify products are operating in a virtual environment, installing the CPU patches for the hypervisor (e.g. ESXi) is recommended. This will protect the Unify product from any malicious code that may be active on a separate virtual machine on the same host.

Desktops and workstations that run Unify clients should be patched against these vulnerabilities to ensure that no other applications running on the same machine have access to sensitive information used by our clients. This is particularly important for systems used to administer our products as high privileged credentials might be in use. No noticeable performance issues are expected for Unify clients.

We are actively testing the available operating system patches and will include them in future releases of our products, along with details of any performance impact caused by these patches. This will ensure compatibility with future operating systems patches while providing for ongoing performance and stability. We will update our vulnerability advisory with additional details as new information becomes available.

Please click HERE for the full statement