L1TF – L1 Terminal Fault Attack
Summary
Epicor Eclipse is aware of the Terminal Fault Attack vulnerabilities that affect Intel microprocessors that unprivileged attackers can use this flaw to bypass memory security restrictions in order to gain access to data stored in memory that would otherwise be inaccessible.
Because it’s a vulnerability in the CPU hardware implementations, not a bug in the Eclipse application program, there is no “patch” from Eclipse.
We recommend that customers check with their hardware and Operating System (OS) vendors for applicable patches as the solution for Terminal Fault Attack.
Epicor’s Response
- Apply the firmware update via BIOS update
- Apply the operating system (RHEL & Windows) patch
- Apply hypervisor patches where applicable
Recommended Customer Actions
We recommend that customers open a service request with Eclipse Systems support team and deploy patches on their platform and underlying infrastructure on a mutually agreed schedule.
Frequently Asked Questions
Q: How do I patch my system?
A: Install Red Hat updates.
A: Install Dell Firmware Update.