On the 3rd of January 2018, three new vulnerabilities were released that have been grouped together and called Spectre and Meltdown. These are not traditional software based vulnerabilities but are inherent in the very fabric of modern Intel and ARM processor chips.

Because these vulnerabilities are within the processors, operating systems and applications that run on top of these processors are vulnerable and the only real way to resolve hardware issues like these is to replace those processors or update their firmware which is not very practical. We recognize as do our partners that the only way to tackle these latest hardware based vulnerabilities is to make the physical-layer vulnerabilities inaccessible and this needs to be accomplished at an operating System and potentially application layer.

Call Design’s current position is first to ensure that our systems continue to be appropriately patched with updated anti-virus and malware protection from leading vendors. We note that some operating system patches have been released that have caused existing systems and applications to fail and we are therefore cautious in the application of any of these Spectre and Meltdown patches without comprehensive testing.

We will continue to monitor the situation closely seeking advice from various trusted vendors including Microsoft and Alvaria as well as our firewall and network providers to ensure that all advice is followed and that recommended patches are tested to ensure that they do not introduce new problems before being applied.

Peter Salmon
Director
Call Design