Meltdown and Spectre Vulnerabilities - initial assessment

Zscaler provides transparency around service availability and changes to our customers. Please refer to Zscaler’s service continuity customer notification policy for details.

Meltdown and Spectre Vulnerabilities - initial assessment

Zscaler is aware and is actively following a new publicly disclosed class of vulnerabilities that affect most modern operating systems and processors. Our initial assessment is that this class of vulnerabilities does not pose a serious risk to our cloud infrastructure or the data that we are securing. 

As we evaluate Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715), our top priorities are to keep our cloud running and our customer’s data secure and as such we are taking steps to evaluate and remediate any potential issues caused by these vulnerabilities.

While the scope of this industry-wide vulnerability includes operating systems and hardware in use in our cloud, the critical elements of our infrastructure do not allow attackers to run exploit code.

Nevertheless, we have been and will continue to patch our infrastructure as such patches become available. No additional user or customer action is needed.