Execution Vulnerabilities in ARM-based and Intel CPUs
Updated: January 8, 2018
Two attacks against modern CPU microarchitectures were recently made public: Meltdown and Spectre, covered by the following CVEs:
- CVE-2017-5753: bounds check bypass
- CVE-2017-5715: branch target injection
- CVE-2017-5754: rogue data cache load
What is Coupa doing to protect your data?
Coupa has completed an internal assessment of the issues and our exposure to these vulnerabilities. Coupa runs primarily on leading cloud infrastructure platforms like Amazon Web Services (AWS), and to a lesser degree Microsoft Azure. Both of these cloud providers have already updated their infrastructure to mitigate the vulnerability at the “hypervisor level”, which is the major threat vector for users. In addition, we are testing and applying released vendor patches as part of our vulnerability and patch management policies.
Last, there are a few actions you can take on your own right now to limit your exposure
- Update your own operating systems with the latest patches. This includes desktop, laptop, tablet, and mobile devices.
- Update your browsers. Browsers are continually releasing new features and protections. As a best practice, you should enable automatic updates on your browser.