--- title: "What you need to know about meltdown and spectre" page_name: "What You Need to Know About Meltdown and Spectre" type: "blog" slug: "security-meltdown-spectre" published_at: "2018-01-12" modified_at: "2025-05-09" url: "https://www.sumologic.com/blog/security-meltdown-spectre" canonical: "https://www.sumologic.com/blog/security-meltdown-spectre" markdown_url: "https://www.sumologic.com/blog/security-meltdown-spectre.md" lang: "en" excerpt: "Meltdown and Spectre are the latest security vulnerabilities impacting business and consumers. This post takes a closer look at these vulnerabilities, its potential impact and how Sumo Logic is addressing." taxonomy_blog_category: - "SecOps & Security" --- [ All blogs ](https://www.sumologic.com/blog "blog")[SecOps & Security](https://www.sumologic.com/blog/secops-security) # What You Need to Know About Meltdown and Spectre [George Gerchow](#blog-author-block-133) January 12, 2018 2 min read [SecOps & Security](https://www.sumologic.com/blog/secops-security) ##### Table of contents Last week, a security vulnerability was announced involving the exploitation of common features in microprocessor chips that power computers, tablets, smartphones and data centers. The vulnerabilities known as “Meltdown” and “Spectre” are getting lot attention in the media, and no doubt people are concerned about its impact on business, customers, partners and more. Here’s what you really need to know about these vulnerabilities. **What are Meltdown and Spectre?** The **Meltdown** vulnerability, [CVE-2017-5754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754), can potentially allow hackers to bypass the hardware barrier between applications and kernel or host memory. A malicious application could therefore access the memory of other software, as well as the operating system. Any system running on an Intel processor manufactured since 1995 (except Intel Itanium and Intel Atom before 2013) is affected. The **Spectre** vulnerability has two variants: [CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753) and [CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715). These vulnerabilities break isolation between separate applications. An attacker could potentially gain access to data that an application would usually keep safe and inaccessible in memory. Spectre affects all computing devices with modern processors manufactured by [Intel](https://www.intel.com/content/www/us/en/products/processors.html) or [AMD](http://www.amd.com/en-us/products/processors), or designed by [ARM](https://www.arm.com/products/processors)\*. These vulnerabilities could potentially be exploited to steal sensitive data from your computer, such as passwords, financial details, and other information stored in applications. [Here](https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer) is a great primer explaining these security flaws. **What can be compromised?** The core system, known as the kernel, stores all types of sensitive information in memory. This means banking records, credit cards, financial data, communications, logins, passwords and secret information could which is all be at risk due to Meltdown. Spectre can be used to trick normal applications into giving up sensitive data, which potentially means anything processed by an application can be stolen, including passwords and other data. **Was the Sumo Logic platform affected?** Yes. Practically every computing device affected by Spectre, including laptops, desktops, tablets, smartphones and even cloud computing systems. A few lower power devices, such as certain Internet of Things gadgets, are unaffected. **How is Sumo Logic handling the vulnerabilities?** As of January 4th, 2018, AWS confirmed that all Sumo Logic systems were patched, rebooted and protected from the recent Meltdown/Spectre vulnerability. We worked very closely with our AWS TAM team and verified the updates. Sumo Logic started the OS patching process with the latest Ubuntu release Canonical on January 9th. Risk level now that AWS has patched is **low**, but we will continue to be diligent in following up and completing the remediation process. We take this vulnerability very seriously and are dedicated to ensuring that Sumo Logic platform is thoroughly patched and continuously monitored for any malicious activity. If you have questions please reach out to . ### Article Tags - [SecOps & Security](https://www.sumologic.com/blog/secops-security) George Gerchow CSO and SVP of IT As Sumo Logic’s CSO and SVP of IT, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. George has been on the bleeding edge of public cloud security, privacy and modernizing IT systems since being a co-founder of the VMware Center for Policy & Compliance. He is a Faculty Member for [IANS](https://www.iansresearch.com/our-faculty/faculty/detail/%5Bf669d9a7-009d-4d83-ddaa-000000000002%5D2CFAB8BA-3C3D-440F-AC51-75AE8FD0D8A6) – [Institute of Applied Network Security ](https://www.iansresearch.com/our-faculty/faculty/detail/%5Bf669d9a7-009d-4d83-ddaa-000000000002%5D2CFAB8BA-3C3D-440F-AC51-75AE8FD0D8A6) and sits on several industry advisory boards. Mr. Gerchow is also a known philanthropist and CEO of a nonprofit corporation, [XFoundation](https://www.xfoundationx.org/). [](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=What%20You%20Need%20to%20Know%20About%20Meltdown%20and%20Spectre&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fsecurity-meltdown-spectre "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fsecurity-meltdown-spectre "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fsecurity-meltdown-spectre "Linkedin") [Previous blog Kubernetes Development Trends](https://www.sumologic.com/blog/kubernetes-development-trends)[Next blog AWS Config vs. CloudTrail](https://www.sumologic.com/blog/aws-config-vs-cloudtrail) People who read this also enjoyed [ AI across the security lifecycle June 18, 2026 ](https://www.sumologic.com/blog/ai-across-security-lifecycle)[ Balance AI innovation and governance with Sumo Logic AI and ML apps June 10, 2026 ](https://www.sumologic.com/blog/sumo-logic-ai-ml-apps-governance)[ Sumo Logic AWS Region European Sovereign Cloud is now generally available June 2, 2026 ](https://www.sumologic.com/blog/sumo-logic-aws-region-european-sovereign-cloud-generally-available)[ How digital banking is redefining fraud prevention May 28, 2026 ](https://www.sumologic.com/blog/digital-banking-redefining-fraud-prevention) [AI Instructions](https://www.sumologic.com/ai-instructions.md)