Meltdown and Spectre security vulnerabilities

As you may be aware, computer security researchers recently discovered several flaws in the microprocessors of nearly all modern computers (including cell phones, tablets, etc.).  This has led to two new vulnerabilities, called Meltdown & Spectre.  If exploited, these vulnerabilities can result in the unauthorized disclosure of data being processed by - or stored in - your computer’s memory (e.g., passwords, personally identifiable information, etc.). 

Penn is taking a number of steps to ensure that University systems and software are patched as soon as possible, that resources are available to assist you with questions or concerns, and to monitor for changes in the threat level.  Where possible, we will also monitor for and block attacks at the campus firewall. Please direct any questions related to Meltdown and Spectre to ISC Information Security Office at (215) 898-2172 or security@isc.upenn.edu.

1. Keep all systems and applications patched (including mobile and personal devices).
2. Talk to your local IT support providers (https://www.isc.upenn.edu/get-it-help).
3. Don’t panic and please stay tuned. At the time of this writing, there is no evidence of active exploitation of these vulnerabilities, but this situation continues to evolve.

Detailed information on Meltdown and Spectre is provided in the following sections with additional resources listed on this webpage right-hand banner.