Last week, news of new mega vulnerabilities dominated the headlines of both tech and mainstream media. If you work in an IT or tech role, the words “Meltdown” and “Spectre” likely dominated your inboxes, SMS messages and Slack channels, as well. Meltdown and Spectre (known technically as CVE-2017-5754, CVE-2017-5753 & CVE-2017-5715) refer to newly discovered vulnerabilities that impact most modern processors including Intel, AMD and ARM. Simply put, the vulnerabilities impact virtually every PC, tablet, smartphone and server on the planet, and like all cloud and tech companies, aspects of LogMeIn’s services and IT infrastructure rely on such hardware and are therefore not immune. As a company that prides itself on security – the security of our customers, our data, and our systems — we wanted to take a minute to help our customers cut through the noise and better understand what steps we’re taking to address these vulnerabilities, and what steps our customers can take to further protect themselves.
First and foremost, it’s important to note that LogMeIn’s security, product operations, IT and product development teams have not found any evidence to indicate that these vulnerabilities have impacted our service or our customers.
Rolling out patches and fixes as they become available
Given the industrywide nature of these issues, it should not come as a surprise that almost all major service providers are in the process of creating and rolling out patches. As these become available and are tested, we’ll apply them to services and infrastructure.
For our corporate IT infrastructure, we’ve already started patching employee devices and enterprise systems to ensure any potential internal vectors are rapidly addressed. We expect that to be largely complete within days. For context, this staggered timing and approach is intentional, as we want to ensure these systems and applications can interact with the patches.
For our data centers and production environments, we are currently assessing and rolling out patches to prevent external exploits. Our security in depth minimizes the risk of exploits during this patching period. Similar to our corporate IT infrastructure, as patches become available from vendors, they are being tested and applied.
Recommended Steps for Customers
Please note that due to the nature of the issue, no action is required to further secure any of your LogMeIn services – the steps we’re taking and have outline above will address such issues. That said, we do recommend the usual best practice hygiene when it comes to patching devices running Linux, Windows, macOS, Android, and iOS operating systems. Similarly, customers should also plan to update all browsers including Chrome, Firefox, Safari, and Internet Explorer to the latest versions that address these vulnerabilities from the respective vendor sites.