Meltdown and Spectre

January 22, 2018

Meltdown and Spectre

The Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities have been featured prominently in both technical and mainstream news. These vulnerabilities exploit flaws in the speculative execution optimization techniques used in the CPUs of most modern computer systems. SOTI has monitored, assessed and patched these vulnerabilities on SOTI's cloud services, which include SOTI MobiControl Cloud. Below is a summary of the precautions SOTI and our cloud hosting partners have taken to protect our customers and partners from these vulnerabilities.

Responding to Meltdown and Spectre requires a comprehensive response that includes the physical processing infrastructure, virtual machine hypervisors and operating systems. SOTI MobiControl Cloud and other SOTI cloud services are hosted on Amazon Web Services' (AWS) EC2 virtual machines. Amazon has released a security bulletin confirming that their EC2 virtual machines are protected from the Meltdown and Spectre vulnerabilities. While Amazon maintains and secures the physical infrastructure, hypervisors and related infrastructure as detailed in their AWS Shared Responsibility Model, SOTI maintains and secures the operating systems running on the EC2 virtual machines. SOTI has responded to Meltdown and Spectre by installing the patches and configuration changes published by Microsoft to protect Microsoft Windows running on the virtual machines from these vulnerabilities. As a result of these precautions, SOTI MobiControl Cloud and other SOTI cloud services are well-protected from Meltdown and Spectre.

Customers running on-premise instances of SOTI MobiControl should apply the necessary Microsoft patches on all Windows machines or virtual machines that are running SOTI MobiControl components such as the Management Service, Deployment Service and Enterprise Resource Gateway.