Customer communications:


The recently discovered Spectre and Meltdown vulnerabilities have garnered a
large amount of attention within the industry. The vulnerabilities allow
potential exploits across a range of hardware architectures and operating
systems, enabling unauthorized access to various forms of data. Micro Focus is
fully committed to the security of its products and the secure operations of
its customers and adheres to recognized security protocols and best practices
across its global operations.

To address Spectre and Meltdown, we are aggressively patching our systems with
fixes as they become available. This will be an ongoing exercise as Operating
Systems, Virtualization, Firmware and other external vendors respond and
provide appropriate guidance. All of our product teams are currently evaluating
additional measures that may be required. In the context of INSERT PRODUCT
NAME, we are advising customers to take the following steps:


Engineers have been collaborating with our partners and the Linux community on
upstream Linux kernel patches. As a result of that collaboration, SUSE has been
able to release patches for the most recent SUSE Linux Enterprise (SLE)
versions. Additional details on specific vulnerabilities will be posted here in
CVE reports:

Additional patches for other SLE versions and environments will follow shortly.
Information on these patches can be found here.

We strongly recommend that our customers respond similarly in their
environments and we will be working over the coming days to publish suggested
practices externally via our IT Operations Management and Security Teams,
indicating how customers can use the Micro Focus Data Center Automation (DCA),
Network Operations Management (NOM) and ZENworks Unified Endpoint Management
offerings to detect and remediate such vulnerabilities.

For further information on Micro Focus security policies and product support
status, customers should contact their software support representative or visit
Micro Focus Support.

Kind regards,


The following is NDA until you are informed otherwise:

product teams are currently working on the appropriate customer communications
for these product lines:
• ArcSight
• iPrint Appliance
• iPrint for OES
• Micro Focus Service Desk Appliance
• NetIQ Access Manager
• NetIQ Change Guardian (including Sentinel)
• NetIQ CloudAccess
• NetIQ Self Service Password Reset
• NetIQ Services Director
• Open Enterprise Server
• PlateSpin Transformation Manager
• PlateSpin Migrate
• PlateSpin Protect & Forge
• TeamWorks
• Voltage SecureData
• Voltage SecureMail
• ZENworks Appliance
• ZENworks Reporting Appliance

Kim - 1/9/2018 2:17:31 PM