Information Regarding Speculative Execution Meltdown and Spectre Vulnerabilities (15134-3250): Teradici Products Remain Immune

Vulnerability Detail

On January 3, 2018, researchers officially disclosed three vulnerabilities which exploit the application of speculative execution of guidelines that come with numerous modern microprocessor architectures for carrying out side-channel attacks, thereby exposing information.

Meltdown (CVE-2017-5754) is the first vulnerability which hackers use to obtain privileged access to chunks of a computer’s memory handled by the operating system (OS) and an application program. Fortunately, Meltdown is solely limited to Intel processors.

The second and third vulnerabilities (CVE-2017-5753 and CVE-2017-5715) have been labeled the Spectre moniker. Spectre grants perpetrators unauthorized entry into the information system found in the memory of running programs or data leaked in the cached/kernel files. The latter may consist of particulars including login keys and passwords. As per Google Project Zero, the Spectre vulnerability affects AMD, ARM and Intel chips.

Tera2 Zero Clients and Tera2 Remote Workstation Cards

We confidently verify that the security breach methods defined in the Meltdown and Spectre vulnerabilities do not affect the MIPS processor models utilized in our Tera2 Zero Client, Tera2 Remote Workstation Cards and Hardware Accelerator.

All Other Products

Teradici continues its examinations of their product range to discover any possible products which the Spectre and Meltdown vulnerabilities may have affected. Once their team concludes its investigations and discloses further information, we will revise the support website and related Knowledge Base content.

You can find an overview of their recent findings below.

ProductSpectre 1Spectre 2Meltdown
Tera2 Remote Workstation CardNot VulnerableNot VulnerableNot Vulnerable
Tera2 Zero ClientNot VulnerableNot VulnerableNot Vulnerable
Hardware AcceleratorNot VulnerableNot VulnerableNot Vulnerable
Cloud Access SoftwareNot Vulnerable*Not Vulnerable*Not Vulnerable*
Connection Manager for Amazon Workspace (TAA)Teradici will release a new version. See PCoIP Products and Releases (15134-650) for product updates

Stay Ahead of the Curve

Sign up for Future Product Announcements and Sales Promotions.

Workaround: Customers can update underlying operating system

Teradici will release new version. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Teradici will release new version. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Connection Manager/Security GatewayNot Vulnerable*Not Vulnerable*Not Vulnerable*
Host SoftwareNot Vulnerable*Not Vulnerable*Not Vulnerable*
License Server 1.x/2.0Not Vulnerable*Not Vulnerable*Not Vulnerable*
Management Console 1.xUnder ReviewUnder ReviewUnder Review
Management Console 2.x/3.xUnder Review**Under Review**Will be integrated into next MC release. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Software ClientsNot Vulnerable*Not Vulnerable*Not Vulnerable*

*Not Vulnerable: Please note that the Meltdown and Spectre vulnerabilities do not always directly impact a Teradici product operating as a container or virtual machine in an OS.  In the event of an unprotected hosting environment, these monikers could exploit the product. Customers are therefore advised to fortify their virtual environment and deploy all security updates.

**Operating System Updates: In order to alleviate the effects of the Spectre and Meltdown vulnerabilities, several key operating systems now have updates available. You can apply these updates to products distributed in a virtual appliance layout.  Nevertheless, we recommend you to authenticate the system performance by conducting a snapshot backup of the device before updating or running some tests of the system prior to using it in products.

Contact Us
Contact Us