Message from Konica Minolta on Spectre and Meltdown CPU Vulnerability

Konica Minolta Business Solutions has issued an advisory regarding the Spectre and Meltdown CPU vulnerabilities and Konica Minolta copier/MFPs. First, Konica Minolta bizhub MFPs don’t incorporate Intel processors or the ARM Cortex A75 CPU, and therefore, aren’t susceptible to the Meltdown vulnerability.

The Spectre and Meltdown CPU security flaws affects processors manufactured by Intel, AMD, ARM, and POWER, and were reported last week. This vulnerability, if exploited, would be executed through malware infections and could gather sensitive data such as passwords and encryption keys from computing devices.

Risk Mitigation

The firm notes that, while this security flaw is of great concern, the immediate risk of attack “is very low.” Additionally, processor manufacturers state that this exploit is read-only and can’t corrupt, modify, or delete data. All manufacturers working with vendors are said to be quickly publishing patches to address this issue.

Microsoft

Microsoft is issuing a rare out-of-band security update to supported versions of Windows. These include Windows 10 and Server 2016. Older software will be automatically updated starting next Tuesday during Microsoft Patch Tuesday. The Microsoft patch will address processors by Intel, AMD and ARM manufacturers.

Deployment Mechanism

Windows 10 Systems and Server 2016 are being automatically updated today. Windows 7 or 8 and prior Server versions will be updated during customers’ next regular patching window, starting as early as next Tuesday.

Konica Minolta states that there are some reports that patching may affect system performance; however, this has not been validated at this time and Konica Minolta will closely monitor this.

Further Recommendations

Konica Minolta recommends that customers schedule a comprehensive review of All Covered’s security-protection solutions. All Covered’s Secure & Protect Security Suite is said to include various layers of security software, monitoring and End User Awareness Training to ensure organizations have a sound security practice.  Those wishing to discuss their security plan, or would like to schedule an on-site network assessment, should contact Konica Minolta’s All Covered here.

Advertisements