Spectre and Meltdown Recommended Actions for Unify Products and Servers


Posted on: Jan 22, 2018 by Unify

Unify products operate as closed systems, where only approved software is active. This dramatically reduces the risk of the Spectre & Meltdown vulnerabilities to a low level where we can recommend that proactive patching of the operating systems, to mitigate risks associated with Spectre & Meltdown, is not necessary and not recommended at this point.

When Unify products are operating in a virtual environment, installing the CPU patches for the hypervisor (e.g. ESXi) is recommended. This will protect the Unify product from any malicious code that may be active on a separate virtual machine on the same host.

Desktops and workstations that run Unify clients should be patched against these vulnerabilities to ensure that no other applications running on the same machine have access to sensitive information used by our clients. This is particularly important for systems used to administer our products as high privileged credentials might be in use. No noticeable performance issues are expected for Unify clients.

We are actively testing the available operating system patches and will include them in future releases of our products, along with details of any performance impact caused by these patches. This will ensure compatibility with future operating systems patches while providing for ongoing performance and stability. We will update our vulnerability advisory with additional details as new information becomes available.

Unify advisories are published here: https://staging2.unify.com/en/security-advisories

 

Share this blog article


About Unify

Unify is is the Atos brand for communication and collaboration solutions
Unify is the newest member of the Atos family, combining Atos’ knowledge and reputation in the IT services market with Unify’s expertise in unified communications and collaboration to provide customers with seamless services solutions for their entire digital portfolio. Within Atos, Unify continues to deliver a unique integrated proposition for unified communications and real time capabilities.