VMware Technical Alert: “Meltdown” and “Spectre” Vulnerabilities Response
Incident Report for VMware Horizon Cloud
Update
The VMware Horizon Cloud team continues to evaluate, identity, and patch affected systems in our SaaS environments related to vulnerabilities described in CVE-2017-5753, CVE-2017-5715 (Spectre), and CVE-2017-5754 (Meltdown).

Additional Resources
· VMware Security & Compliance Blog (https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html)
· VMSA-2018-0002: VMware ESXi, Workstation and Fusion updated address side-channel analysis due to speculative execution (https://www.vmware.com/security/advisories/VMSA-2018-0002.html)
· VMSA-2018-0003: vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities (https://www.vmware.com/security/advisories/VMSA-2018-0003.html)
· VMware Virtual Appliances and CVE-2017-5753, CVE-2017-5715 (Spectre), CVE-2017-5754 (Meltdown) (52264) (https://kb.vmware.com/s/article/52264)

Support Contact Information
To open a Support Request, please call 1-877-4VMWARE, or fill out a request from MyVMware at http://my.vmware.com.

Best Regards,
The VMware Horizon Cloud Team
Posted 8 months ago. Mar 15, 2018 - 19:02 UTC
Update
Investigating - Dear Customer,

The Horizon Cloud Service is currently evaluating, identifying, and patching affected systems in our SaaS environments related to vulnerabilities described in CVE-2017-5715, CVE-2017-5753, ,CVE-2017-5754 and VMware KB52264 - https://kb.vmware.com/s/article/52264. This ongoing effort is being given high priority and we will update you on the status as needed. In the event we must perform maintenance that will affect our service availability, Horizon Cloud will work with you to determine suitable scheduling of these activities. Issues related to these vulnerabilities in cloud hosted virtual desktop environments managed by Horizon Cloud customers should be remediated in accordance with the guidance document provided by Microsoft - https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in. This guidance from your operating system vendor will help you identify, mitigate, and remedy Windows environments that are affected by the vulnerabilities described in the aforementioned CVEs and by Microsoft Security Advisory ADV180002 - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002.

Thank you for being a customer of the Horizon Cloud Service!
Horizon Cloud Team
Posted 10 months ago. Jan 16, 2018 - 15:19 UTC
Investigating
Dear Customer,

The Horizon Cloud Service is currently evaluating, identifying, and patching affected systems in our SaaS environments related to vulnerabilities described in CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. This ongoing effort is being given high priority and we will update you on the status as needed. In the event we must perform maintenance that will affect our service availability, Horizon Cloud will work with you to determine suitable scheduling of these activities. Issues related to these vulnerabilities in cloud hosted virtual desktop environments managed by Horizon Cloud customers should be remediated in accordance with the guidance document provided by Microsoft. This guidance from your operating system vendor will help you identify, mitigate, and remedy Windows environments that are affected by the vulnerabilities described in the aforementioned CVEs and by Microsoft Security Advisory ADV180002.

Thank you for being a customer of the Horizon Cloud Service!
Horizon Cloud Team
Posted 11 months ago. Jan 05, 2018 - 22:30 UTC
This incident affects: USA - Northern California, USA - Texas, and USA - Virginia.