Impact of Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715) on Veritas eDiscovery Platform

Description

Security researchers have recently disclosed the processor vulnerabilities identified as "Meltdown" (CVE-2017-5754) and "Spectre" (CVE-2017-5753 & CVE-2017-5715) that impact products using x86 architecture, including Intel and other manufacturers' microprocessors.

What We Know

• These vulnerabilities do not directly target Veritas eDiscovery Platform.
• Veritas eDiscovery Platform is indirectly affected as it is installed on DELL servers including R730, 8100, and 8200 servers. Veritas recommends checking with DELL to download and install your device-specific hardware/firmware update. See this Security Advisory from DELL for further details.
• Veritas recommends applying the Microsoft Windows patches for the supported operating systems: Windows Server 2008 R2 SP1 64-bit (Standard or Enterprise Edition) and Windows Server 2012 R2 (Standard or Data Center edition). See this Security Advisory from Microsoft. Install the relevant Windows security updates that you might receive from Microsoft.
• Installing those hardware and software patches might result in some performance degradation of Windows servers. We are working to determine any measurable performance impact on the eDiscovery Platform and we will provide guidance only when we have established fact-based data from our performance test group. The timeline to the completion of this work has not yet been identified, and is dependent on availability of the fixes from our vendors.

Action Required

Veritas is committed to the security and safety of its products, customers, and most importantly, the data we protect. Continue to monitor this TechNote for updates.  Veritas will provide additional communication updates via this TechNote on patch strategy, availability, and timing of release to address these vulnerabilities.