Meltdown/Spectre

January 4, 2018

Ceridian is aware of a new publicly disclosed class of vulnerabilities referred to as “Meltdown/Spectre” that affect many modern processors and operating systems.  Our organization is treating this with the utmost importance.  We have not identified any impact from these vulnerabilities to date.  Ceridian is taking a precautionary approach to mitigate the vulnerabilities listed below and active testing of all available patches is underway.  In parallel, we are working with our third-party vendors to understand their plans to address. 

• CVE-2017-5753 - Bounds check bypass
• CVE-2017-5715 - Branch target injection
• CVE-2017-5754 - Rogue data cache load

Ceridian will continue to provide updates throughout this process.