You may have heard the recent news about Meltdown and Spectre, two new vulnerabilies affecting nearly all modern computers and mobile devices. There isn't any evidence that these vulnerabilities are actively being exploited yet. However, all computers affected should be patched as soon as possible in order to prevent the risk of this vulnerability leading to the unauthorized disclosure of sensitive data on your computer (such as passwords and personally identifiable information).

Most SAS computers are patched and managed by SAS Computing, and their patches are kept up to date as patching status is monitored on an ongoing basis by SAS Computing staff.  Operating system patches for Meltdown and Spectre have only been released very recently by Microsoft and Apple and are currently being tested by SAS staff. They will be deployed as soon as our testing determines it to be safe and practical to apply them to SAS computers; we expect deployment of the patches will begin the week of 1/15.

For home computers and mobile devices that you manage yourself, it is very important that you apply updates that patch for these vulnerabilities as soon as possible. Some manufacturers are still in the process of developing patches so you should watch for updates that apply specifically to your computers or devices.

You may also want to reach out to your LSP and ask about how SAS Computing can automatically patch your SAS computer for you.

Information compiled by ISC regarding this latest threat can be found here: 

https://www.isc.upenn.edu/security/meltdown-spectre

For more information, or if you have any questions, please contact your LSP.