SAS Statement Regarding Meltdown/Spectre Vulnerabilities

Reference Name: Meltdown/Spectre Vulnerabilities
Severity: High


History

2-8-2018 – Description section updated with infrastructure information

1-22-2018 – Affected products listed

1-5-2018 – Acknowledgement

Impact

SAS is aware of the Meltdown and Spectre vulnerabilities and has evaluated SAS® products and the subsequent fixes below. Refer to CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715 as well as https://meltdownattack.com/.

Description

The following SAS® products are affected:

ProductVersionFix Target Date
SAS® University Edition AllAvailable
SAS® Data Loader vApp2.2 - 2.4Fixed in 3.1 and later

Infrastructure Update: SAS IT Hosting Operations continues to work with vendor partners to ensure the security and stability of the hosting environment. Due to the complexity of the vulnerability and the inconsistency of vendor patches, SAS is verifying the stability of the patches as they become available and deploying them based on system priority. Please keep referring to this website, because it will be updated as the remediation efforts continue. 

Solution

To address this issue, perform the following updates:

  • Update the affected SAS software when the fix is available.
  • Update the virtual management software (such as VMware and VirtualBox).
  • Update the host operating system if it differs from the virtual management software.
  • Update the firmware on the system by contacting your OEM.
Security Bulletins Icon

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support Icon

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes Icon

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.

Back to Top