Product Security Advisory: Meltdown and Spectre vulnerability in Promise Vess-A series

Jan 19 2018

 

Background:

In December 2017 information about two vulnerabilities in modern processors were published. These exploits are often referred to as Meltdown and Spectre. Promise Vess-A series products include Intel processors considered vulnerable:

The Meltdown and Spectre exploits are detailed in the URL below

https://meltdownattack.com/

Meltdown:

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. This may include passwords and sensitive data stored on the system

Spectre:

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices on speculative execution into leaking their secrets. 

It is advised that Vess-A users take steps to mitigate risk by updating their Operating Systems and browsers . Promise will take proactive measure to monitor the progress and recommendation from Intel and other CPU vendor for micro code update or OS patches as following to reduce the threats.

Windows Patches:

Download and install the appropriate patch from Microsoft:

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056891

Intel CPU microcode update:

As Intel makes microcode updates become available Promise will test them and make them available through new software service releases. They are expected to be available in the April timeframe for the Vess-A product line.

https://www.promise.com/Support/downloadcenter

Contact Promise Technology Support
Need more help? Save time by starting your support request online and a technical support agent will be assigned to your case.

Promise Technology Technical Support >