On January 3, 2018, two vulnerabilities in all modern CPUs were made public: Spectre (CVE-2017-5715 and CVE-2017-5753) and Meltdown (CVE-2017-5754). EVP Systems completed the installation of vendor-provided mitigations for these flaws -- for both their cloud-based data center servers and desktop machines -- on January 13, 2018.
EVP Systems' servers all run the Ubuntu 16.04 operating system. A vendor-provided kernel that prevents the CPU from being exploited by the flaws was made available on January 9, 2018 and applied during the next maintenance window, on January 13, 2018.
All EVP Systems' Windows desktop machines automatically apply patches nightly via Windows Update, and received the fix (KB4056892) the night of January 4, 2018. All Macs were upgraded to macOS 10.13.2 with the supplemental security patch release on January 9, 2018.
EVP Systems does not issue cell phones or other devices to its employees, but has provided technical assistance so their personal systems can be safely upgraded. In addition to the Windows and macOS upgrades for employee's own computers, the company has recommended that iPhones be upgraded to iOS 11.2.2 (as of January 8, 2018) and that Android owners contact their vendor to get a patch designed for their specific device.
EVP Systems other CPU-based machines -- its printers, scanners, routers, and alarm and phone systems -- do not have vendor-provided patches available yet, though since these devices are all run purpose-specific operating systems and are not designed to be either virtualized or to execute arbitrary code, the risk of exploitation is nearly non-existent. However, part of the company's monthly security review will now include checking vendor sites, and updated operating systems or firmware will be applied if and when they are released.
If you have any questions or concerns about either the Spectre or Meltdown exploits or EVP Systems' responses to them, please don't hesitate to contact our Support Department at (818) 313-6300 or firstname.lastname@example.org.