Hitachi Vantara Statement Regarding Spectre and Meltdown Vulnerabilities
As data becomes the currency of business, it is clear that constant vigilance about the security and governance of that data is critical. At Hitachi Vantara, we strive to quickly investigate our product lines for impact from any industry-wide security vulnerability and communicate with our customers via our support site.
Based on the extreme interest and public conversation about the recently uncovered industry-wide processor vulnerabilities known in the media as Meltdown and Spectre, we are providing summary information on any potential effects to our portfolio, as well as the detailed information to our customers in the CVE-specific articles below.
It is important to note that although these vulnerabilities have received a lot of press coverage and could potentially be very serious if exploited, at this time, we have not found any evidence that indicates these vulnerabilities have impacted any of our customers. With our customers best interest always in mind, we will be taking a balanced approach measuring the operational risk of implementing a potential solution with the security risk we are trying to address. We will be active in helping our customers minimize any potential disruption to their environments.
As with most – if not all – major IT systems vendors, some of our systems do leverage processors that could potentially be affected by these industry-wide vulnerabilities.
Hitachi all-flash and hybrid-flash storage products, content/object storage systems and network attached storage systems are considered to be effectively non-exploitable based on currently available information. We do not currently believe these systems are exploitable because they are designed to prevent running 3rd party applications, which would be required for exploitation of the processor vulnerabilities.
Some storage arrays have accompanying management servers (outside the data path) that may need recommended updates from processor and operating system vendors as they become available. Further detail on these updates can be found in the frequently updated documents listed below.
Our converged infrastructure and compute systems also leverage potentially vulnerable processors, and our current recommendation is to apply the relevant patches/updates at the operating system and management software layers as is advised and continually updated within the detailed documents on Support Connect.
These pages are the best and easiest place to get the latest information on how these industry-wide vulnerabilities might impact the Hitachi portfolio. They will be continuously updated as more information becomes available
Please note that a login is required to access the links below:
- “Meltdown” (CVE-2017-5754) related impacts on the Hitachi Vantara portfolio are located HERE.
- “Spectre” (CVE-2017-5715 and CVE-2017-5753) related impacts on the Hitachi Vantara portfolio are located HERE.
We recommend that Hitachi customers and partners direct related inquires to their local Hitachi Vantara representatives for more information, as those teams will have direct access to Hitachi technical support and engineering teams.
Media and Analyst inquiries should be directed to the Hitachi Vantara corporate communications team.