As you may be aware, computer security researchers recently discovered several flaws in the microprocessors of nearly all modern computers (including cell phones, tablets, etc.). This has led to two new vulnerabilities, called Meltdown and Spectre. If exploited, these vulnerabilities can result in the unauthorized disclosure of data being processed by—or stored in—your computer’s memory (e.g., passwords, personally identifiable information, etc.).

 At this time, there is no evidence of these vulnerabilities being exploited. However, applying all software patches—application and operating system—will greatly reduce the risk of your systems being affected in the future. Work with your local IT support provider for assistance; see: https://www.isc.upenn.edu/get-it-help

 Penn is taking a number of steps to ensure that University systems and software are patched as soon as possible, that resources are available to assist you with questions or concerns and to monitor for changes in the threat level. Where possible, we will also monitor for and block attacks at the campus firewall.

 For more information on the vulnerabilities, what is being done, and how to get additional assistance, please see https://www.isc.upenn.edu/security/meltdown-spectre

If you have any questions or concerns with this, please contact ISC Information Security at security@isc.upenn.edu

—Wendell Pritchett, Provost

—Craig Carnaroli, Executive Vice President