Do we have any release plan against the latest microprocessor vulnerability(Meltdown/Spectre) ?
- Cloud Auth
- Cloud Authentication
- Cloud Authentication Service
- Community Thread
- Forum Thread
- RSA SecurID
- RSA SecurID Access
- side-channel attack
We do have 2 new Dell Appliances and 3 older versions as well.
Since RSA supplies the appliances which includes the hardware I would say that it is RSA’s responsibility to advise and test patching to ensure that no new issues are introduced or encountered.
We could all individually do the research but to me when we purchase hardware and software from a vendor we usually look to them for recommendations, especially when it relates to security software.
January 31st, 2018 Let’s Talk, text and tweet for mental health!
Sadly, the KB link isn't working for me and I get an 'unauthorized' page. We're running two virtual appliances and I'd like to understand the impact of Spectre/Meltdown and if our appliances are affected. Any suggestions?
I can't speak for RSA- they are I think still testing and assessing the impact on their products, but from what I've read these issues are a result of physical processor architecture flaws (so you;re on better footing if your machines are virtualized), but the hypervisor running the VMs is still vulnerable (and theoretically protected memory for one VM can be read by another...) .
I'd take a look at these blog posts by VMware:
As for why you cant see the RSA KB article, I'm afraid I can't help. Just checked and I can still see it (but you have to be logged in to read it).
Hope that's something to go on. *I am not an expert*
Actually I stand corrected - the KB has been updated! It doesn't give confirmation for virtual appliances, but it does say that as the hardware appliances are " single-user, root-user-only" systems, an exploit would need admin privs to your device to leverage these vulnerabilities.
Extrapolating from that; VM appliance is also " single-user, root-user-only", so should be equally not vulnerable (but the hypervisor still would be).
(hope its OK to paraphrase the KB here in the forums)
Thanks for that. I can't understand why the KB isn't publicly available and I'm suspecting because I didn't sign up to the community and register our appliances/support contract, I'm not allowed to view knowledge base articles...