SAS Statement Regarding Meltdown/Spectre Vulnerabilities
Reference Name: Meltdown/Spectre Vulnerabilities
Severity: High
History
2-8-2018 – Description section updated with infrastructure information
1-22-2018 – Affected products listed
1-5-2018 – Acknowledgement
Impact
SAS is aware of the Meltdown and Spectre vulnerabilities and has evaluated SAS® products and the subsequent fixes below. Refer to CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715 as well as https://meltdownattack.com/.
Description
The following SAS® products are affected:
| Product | Version | Fix Target Date |
|---|---|---|
| SAS® University Edition | All | Available |
| SAS® Data Loader vApp | 2.2 - 2.4 | Fixed in 3.1 and later |
Infrastructure Update: SAS IT Hosting Operations continues to work with vendor partners to ensure the security and stability of the hosting environment. Due to the complexity of the vulnerability and the inconsistency of vendor patches, SAS is verifying the stability of the patches as they become available and deploying them based on system priority. Please keep referring to this website, because it will be updated as the remediation efforts continue.
Solution
To address this issue, perform the following updates:
- Update the affected SAS software when the fix is available.
- Update the virtual management software (such as VMware and VirtualBox).
- Update the host operating system if it differs from the virtual management software.
- Update the firmware on the system by contacting your OEM.
Security Bulletins
View other security bulletins, published as part of our formal PSIRT process.
Technical Support
Get world-class technical support via our support track system.
