Vulnerability from the category Spectre & Meltdown
Dear Sir or Madam,
as you have already read in the press (
LINK), there is a new security gap in the area of Spectre & Meltdown.
This was evaluated by the All for One Group Security Team.
Based on the assessment of Microsoft
"...To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further..."
and the CVSS rating of 5.6 (medium) leads us to the conclusion that there is generally no immediate need for action.
Customer-specific assessments should be discussed individually.
Recommendation for action:
For systems under All for One Group operational responsibility, the following applies: Compliance with the agreed patch windows and approval of All for One Group patch requests Customer-specific requirements are handled via ticket at our support (+49 711 788 07 600 - firstname.lastname@example.org - https://support.all-for-one.com/).
All for One Group AG