Information Regarding Speculative Execution Meltdown and Spectre Vulnerabilities (15134-3250): Teradici Products Remain Immune

Information Regarding Speculative Execution Meltdown and Spectre Vulnerabilities (15134-3250): Teradici Products Remain Immune

Vulnerability Detail

On January 3, 2018, researchers officially disclosed three vulnerabilities which exploit the application of speculative execution of guidelines that come with numerous modern microprocessor architectures for carrying out side-channel attacks, thereby exposing information.

Meltdown (CVE-2017-5754) is the first vulnerability which hackers use to obtain privileged access to chunks of a computer’s memory handled by the operating system (OS) and an application program. Fortunately, Meltdown is solely limited to Intel processors.

The second and third vulnerabilities (CVE-2017-5753 and CVE-2017-5715) have been labeled the Spectre moniker. Spectre grants perpetrators unauthorized entry into the information system found in the memory of running programs or data leaked in the cached/kernel files. The latter may consist of particulars including login keys and passwords. As per Google Project Zero, the Spectre vulnerability affects AMD, ARM and Intel chips.

Tera2 Zero Clients and Tera2 Remote Workstation Cards

We confidently verify that the security breach methods defined in the Meltdown and Spectre vulnerabilities do not affect the MIPS processor models utilized in our Tera2 Zero Client, Tera2 Remote Workstation Cards and Hardware Accelerator.

All Other Products

Teradici continues its examinations of their product range to discover any possible products which the Spectre and Meltdown vulnerabilities may have affected. Once their team concludes its investigations and discloses further information, we will revise the support website and related Knowledge Base content.

You can find an overview of their recent findings below.

Product Spectre 1 Spectre 2 Meltdown
Tera2 Remote Workstation Card Not Vulnerable Not Vulnerable Not Vulnerable
Tera2 Zero Client Not Vulnerable Not Vulnerable Not Vulnerable
Hardware Accelerator Not Vulnerable Not Vulnerable Not Vulnerable
Cloud Access Software Not Vulnerable* Not Vulnerable* Not Vulnerable*
Connection Manager for Amazon Workspace (TAA) Teradici will release a new version. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Teradici will release new version. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Teradici will release new version. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Connection Manager/Security Gateway Not Vulnerable* Not Vulnerable* Not Vulnerable*
Host Software Not Vulnerable* Not Vulnerable* Not Vulnerable*
License Server 1.x/2.0 Not Vulnerable* Not Vulnerable* Not Vulnerable*
Management Console 1.x Under Review Under Review Under Review
Management Console 2.x/3.x Under Review** Under Review** Will be integrated into next MC release. See PCoIP Products and Releases (15134-650) for product updates

Workaround: Customers can update underlying operating system

Software Clients Not Vulnerable* Not Vulnerable* Not Vulnerable*

*Not Vulnerable: Please note that the Meltdown and Spectre vulnerabilities do not always directly impact a Teradici product operating as a container or virtual machine in an OS.  In the event of an unprotected hosting environment, these monikers could exploit the product. Customers are therefore advised to fortify their virtual environment and deploy all security updates.

**Operating System Updates: In order to alleviate the effects of the Spectre and Meltdown vulnerabilities, several key operating systems now have updates available. You can apply these updates to products distributed in a virtual appliance layout.  Nevertheless, we recommend you to authenticate the system performance by conducting a snapshot backup of the device before updating or running some tests of the system prior to using it in products.

Contact Us
Contact Us