Product Security Advisory: Meltdown and Spectre vulnerability in Promise Vess-A series
Jan 19 2018
In December 2017 information about two vulnerabilities in modern processors were published. These exploits are often referred to as Meltdown and Spectre. Promise Vess-A series products include Intel processors considered vulnerable:
The Meltdown and Spectre exploits are detailed in the URL below
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. This may include passwords and sensitive data stored on the system
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices on speculative execution into leaking their secrets.
It is advised that Vess-A users take steps to mitigate risk by updating their Operating Systems and browsers . Promise will take proactive measure to monitor the progress and recommendation from Intel and other CPU vendor for micro code update or OS patches as following to reduce the threats.
Download and install the appropriate patch from Microsoft:
- Windows 7 or Window (Storage) Server 2008 R2
- Window (Storage) Server 2012 R2
- Windows 10 (Patched through Windows Update).
Intel CPU microcode update:
As Intel makes microcode updates become available Promise will test them and make them available through new software service releases. They are expected to be available in the April timeframe for the Vess-A product line.
Contact Promise Technology Support
Need more help? Save time by starting your support request online and a technical support agent will be assigned to your case.
Promise Technology Technical Support >