Skip to main content

 

 

Coupa Success Portal

Execution Vulnerabilities in ARM-based and Intel CPUs

Execution Vulnerabilities in ARM-based and Intel CPUs

Updated: January 8, 2018

Two attacks against modern CPU microarchitectures were recently made public: Meltdown and Spectre, covered by the following CVEs:

As reported, these vulnerabilities may allow an attacker who can run malicious code to gain access to memory space outside of its normal authorization. In the case of Meltdown, this means a piece of malicious software could gain access to kernel or, in the case of some virtualization schemes, host memory. In the case of Spectre, this means untrusted code running in a sandbox (such as JavaScript) could gain access to the memory of its parent process (in the case of JavaScript, for example, that would mean it could read data in the browser process).

What is Coupa doing to protect your data?

Coupa has completed an internal assessment of the issues and our exposure to these vulnerabilities. Coupa runs primarily on leading cloud infrastructure platforms like Amazon Web Services (AWS), and to a lesser degree Microsoft Azure. Both of these cloud providers have already updated their infrastructure to mitigate the vulnerability at the “hypervisor level”, which is the major threat vector for users. In addition, we are testing and applying released vendor patches as part of our vulnerability and patch management policies.

Last, there are a few actions you can take on your own right now to limit your exposure
  • Update your own operating systems with the latest patches. This includes desktop, laptop, tablet, and mobile devices.
  • Update your browsers. Browsers are continually releasing new features and protections. As a best practice, you should enable automatic updates on your browser.
  • Was this article helpful?