Reference Name: Meltdown/Spectre Vulnerabilities
2-8-2018 – Description section updated with infrastructure information
1-22-2018 – Affected products listed
1-5-2018 – Acknowledgement
SAS is aware of the Meltdown and Spectre vulnerabilities and has evaluated SAS® products and the subsequent fixes below. Refer to CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715 as well as https://meltdownattack.com/.
The following SAS® products are affected:
|Product||Version||Fix Target Date|
|SAS® University Edition||All||Available|
|SAS® Data Loader vApp||2.2 - 2.4||Fixed in 3.1 and later|
Infrastructure Update: SAS IT Hosting Operations continues to work with vendor partners to ensure the security and stability of the hosting environment. Due to the complexity of the vulnerability and the inconsistency of vendor patches, SAS is verifying the stability of the patches as they become available and deploying them based on system priority. Please keep referring to this website, because it will be updated as the remediation efforts continue.
To address this issue, perform the following updates:
- Update the affected SAS software when the fix is available.
- Update the virtual management software (such as VMware and VirtualBox).
- Update the host operating system if it differs from the virtual management software.
- Update the firmware on the system by contacting your OEM.