Interskill Learning Mainframe Training


The Online Mainframe Training Specialists
Search   Course Catalog   Live Chat!  
Return to Knowledge Base

Meltdown and Spectre Vulnerabilities

On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.

The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited.

Interskill Learning has a plan of action in place for all vulnerabilities such as these as part of its standard security and business continuity procedures. As patches from hardware and software vendors are made available, we'll assess, test, coordinate and deploy accordingly across our environment. In the event customers are affected by these procedures, Interskill Learning will communicate to affected customers if actions that would impact their environments are required.