CEMView 4.0 Security Update Bulletin

On January 3, 2018 a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

An overview of the security vulnerability issue is available at the link below:

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html?cid=em-elq-33470&utm_source=elq&utm_medium=email&utm_campaign=33470&elq_cid=124017

Microsoft released a series of Security Updates on the same day, January 3, 2018 to patch the disclosed security vulnerability. However, the released Security Updates were released with “Known Issues”.

One of the “Known Issues” in the release will affect CEMView if the security update is applied to the operating system that CEMView Server runs on. Specifically, the issue that will affect CEMView is:

The suggested workaround above to change the authentication level parameter has been implemented in the current latest release of CEMView 4.0 Build 0107.0.

If the Microsoft Security Updates released on January 3, 2018 are not applied to the operating system, then CEMView will continue to operate properly as before, but obviously the disclosed security vulnerability will exist on your system.

If the Microsoft Security Updates released on January 3, 2018 are applied to the operating system and CEMView is not updated, CEMView Client and all optional modules such as Gas Auditor, CEMView Mailer, FSClient, EDR Manager, etc. will be unable to connect to CEMView Server after the update.

CEMView must be updated to Build 0107.0 (or later) if the Microsoft Security Updates released on January 3, 2018 are applied to your system. Please do not apply the Microsoft Security Updates to your system if you do not have a current release of CEMView.

For customer with a current active Annual Support and Maintenance Contract, an update DVD will be mailed to you shortly, or contact us for a link to a download site to obtain the updated software.

Please contact Nexus Solutions by email at [email protected] or by telephone at +1 519 649 6100 Option 1 to obtain an updated release build of CEMView 4.0.

Share this post