Meltdown and Spectre Vulnerabilities
On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities could allow an unprivileged local attacker, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.
The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, the third vulnerability, CVE-2017-5754, is known as Meltdown. The vulnerabilities are all variants of the same attack and differ in the way that speculative execution is exploited.
Interskill Learning has a plan of action in place for all vulnerabilities such as these as part of its standard security and business continuity procedures. As patches from hardware and software vendors are made available, we'll assess, test, coordinate and deploy accordingly across our environment. In the event customers are affected by these procedures, Interskill Learning will communicate to affected customers if actions that would impact their environments are required.