UPDATE:1/4/2018 – DocuSign Meltdown and Spectre Security Alert Status
On January 4th three information security vulnerabilities were released, CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, which exploit critical vulnerabilities in modern processors. These hardware bugs, known as Meltdown and Spectre, allow an application unauthorized access to read system memory.
Upon learning of these vulnerabilities, DocuSign initiated incident response procedures to ensure the security of the company’s servers, core systems and online properties. We have reviewed all of our sites and supporting infrastructure to identify systems which require patching. DocuSign’s operations team is actively testing these updates in non-production environments and, once this is complete, will roll these updates out to our production servers.
In addition, DocuSign has identified a number of partners who may be affected by these vulnerabilities and are working closely with them to ensure their systems are updated as quickly as possible.
DocuSign will continue to monitor the status of the situation and provide updates as needed.
For more information, you can reference: https://spectreattack.com/