NCR Corporation Logo

Banks & Credit Unions

Our tech connects your whole bank. So your operations run better. Your branches run leaner. Your apps are the best in the business. And you get an open, flexible platform that helps you innovate faster—for less cost and risk.

WHY NCR FOR BANKING
Person using phone on ATM, contactless transfer

Restaurants

We help brands of all sizes reduce the complexities of running their restaurants, so that they can focus on their food and guests - not their technology. Over 100,000 restaurants trust NCR to help them run their operations, drive sustainable growth and create frictionless guest experiences.

WHY NCR FOR RESTAURANTS
a man and woman looking at NCR checkout monitor

Retail

No matter your size, where you operate, or what kinds of customers you serve, we’re here to help you create more meaningful interactions between you and your customers.

Why NCR for Retail
Man using NCR Self-Checkout System

Other Industries

NCR is the world’s leading enterprise technology provider of software, hardware and services for banks, retailers, restaurants, small business and telecom & technology. We enable digital transformation that connects our clients’ operations from the back office to the front end and everything in between so they can delight customers anytime, anywhere and compete.

Banking Solutions

Our tech connects your whole bank. So your operations run better. Your branches run leaner. Your apps are the best in the business. And you get an open, flexible platform that helps you innovate faster—for less cost and risk.

Banking Overview

Restaurant Solutions

We help brands of all sizes reduce the complexities of running their restaurants, so that they can focus on their food and guests - not their technology. Over 100,000 restaurants trust NCR to help them run their operations, drive sustainable growth and create frictionless guest experiences.

Restaurants Overview

Retail Solutions

No matter your size, where you operate, or what kinds of customers you serve, we’re here to help you create more meaningful interactions between you and your customers.

Retail Overview

ATM Network Solutions

Maximize the value of the ATM for every business with NCR.

ATM Network Overview

Payment Solutions

Whether you’re opening up a new shop or need a solution integrated with your existing setup, we’ve got you covered.

Payments Overview

Telecom & Technology Solutions

The network is the heart of digital business. We help you keep it beating with managed services that get you to market faster, extend your global reach and deliver the best customer experience.

Telecom & Technology Solutions Overview

Company

We turn everyday transactions into meaningful relationships.

About NCR

Careers

Help us create the future of banking & commerce around the world.

Careers

News

Check out the NCR Newsroom to see our latest featured stories.

NCR Newsroom

Resources

Browse our best ideas, blogs, articles and resources to help you run the store, restaurant and self-service banking.

Our Partners

Power your business by teaming up with NCR. We sell more payment, assisted and self-service technologies than almost any other vendor in the world. And our experience can help you focus your efforts on the most promising market opportunities.

Our Partners

Investor Relations

We are NCR, the global leader in consumer transaction technology. For more than 130 years, NCR has helped companies better connect, interact and transact with customers.

Investor Relations Portal

Suppliers

NCR suppliers can access and update information regarding invoices, orders, billing inquiry and performance evaluations.

Suppliers Portal

Environmental, Social & Governance

Through our Environmental, Social and Governance (ESG) strategy, we're committed to addressing key areas that our employees, customers, shareholders, suppliers and communities care about most.

ESG HUB

How to Buy

MyNCR

Contact Us

Meltdown and Spectre Vulnerabilities

 

Last updated on 04/31/2018

 

 

NCR is aware that Intel has reported issues with released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) causing unpredictable system behavior.  On January 22, Intel recommended that customers stop deploying the current microcode version on impacted processors while Intel continues to perform additional testing on the updated solution.   

 

NCR is not aware of any reports to indicate that this Spectre variant 2 (CVE 2017-5715) has been used to attack customers. 

 

On February 20, Intel released new production microcode updates to OEM customers and partners for the 6th, 7th and 8th Generation Intel® Core™ product lines. These updates are intended to address the unpredictable system behavior issues reported in late January.  

 

Please see the Intel Security Center link for details:

<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr>

 

NCR is aware of the reports of new security vulnerabilities within computer chips produced by Intel, Advanced Micro Devices and ARM holdings. These vulnerabilities are identified as:

CVE-2017-5715CVE-2017-5753CVE-2017-5754

 

The issue potentially impacts a broad range of devices (mobile phones, desktops, servers and cloud systems) from multiple vendors including NCR products. According to Intel, software and firmware updates will be required to address these vulnerabilities. Some software patches have been made available by vendors. NCR is evaluating the recommendations from vendors and developing plans for expedited implementation with an emphasis on reducing impact to our customers' operations.

 

NCR will communicate further as additional mitigation recommendations become available. Further technical information, including many links to vendor communications, is available at https://meltdownattack.com

 

 

Recommendations for Financial Services ATM Customers

 

PC cores in NCR ATMs use chips identified in these reports as being impacted by these vulnerabilities. Current analysis indicates that by fully following the requirements within NCR’s Best Practice Guidelines and following industry best-practice, customers can mitigate the risk of a successful exploit of this vulnerability.

 

1. Deploy January 3, 2018 Microsoft Security Update

 

Intel's website indicated that the vulnerabilities can be mitigated via Microsoft Security Updates.

 

CVE-2017-5753

 

CVE-2017-5754

 

CVE-2017-5715

 

Microsoft released security updates on January 3, 2018 to mitigate against these vulnerabilities. Guidance from Microsoft is available at:

 

https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe

 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

 

NCR has performed high level ATM lab testing of the security update provided by Microsoft on Windows 7 and Windows 10 and on January 10, 2018, NCR distributed a notification via NCR’s Software Security Team’s ms-security-hotfix mailing list to indicate that testing was successful. Microsoft has not made a patch available for Windows XP.

 

Microsoft has advised that there could be potential performance issues with the patch.  NCR recommends that the patch be tested in the customer’s ATM lab environment prior to deployment.

 

Microsoft has provided additional guidance for customers that are using an anti-virus product.   For more details, customers should contact their supplier of anti-virus products.  NCR’s Solidcore Suite for APTRA is compatible and is not impacted by this patch.    

 

NCR customers and partners who contract for NCR software maintenance can ask their NCR account team to subscribe them to the ms-security-hotfix mailings. 

 

2. Deploy BIOS Update when it becomes available

 

Intel will be providing microcode updates to address, CVE-2017-5715. NCR will integrate the microcode from Intel and release new ATM BIOS versions for impacted cores.

 

The updated ATM BIOS should be deployed, once available, in addition to the Microsoft Security Updates. NCR customers should contact their NCR Account Manager or Professional Services contact to get additional information on the availability of these BIOS updates.

 

If a customer does not have our NCR Secure Remote BIOS Update solution, then these BIOS updates will require on-site visits to the ATMs. Customers should consider deploying NCR Secure Remote BIOS Update to further reduce the costs and operational impact of manual updates.  

 

Customers with NCR Secure Remote BIOS Update solution can utilize remote distribution to update their ATM BIOS. NCR is making updates to NCR Secure Remote BIOS Update to enable the remote delivery of the new BIOS to their ATMs. Availability dates of NCR Secure Remote BIOS Update will be announced as soon as possible.

 

Additional Guidance and Recommendations:

 

Customers should:

 

  1. Follow NCR’s best-practice guidelines detailed within the NCR Logical Security: Security Requirements to Help Protect Against Logical Attacks.
  2. Test and then deploy the January 3, 2018 patches made available by Microsoft as soon as possible.
  3. Test and then deploy updated BIOS for Talladega, Riverside, Pocono, Estoril, Silverstone, and Monza as they become available.  Lanier and Lanier II coresare not impacted. We are awaiting confirmation from Intel on whether Kingsway cores are affected or not. 
  4. Assess and address the same vulnerabilities across the entire enterprise.

 

Customers who would like additional guidance as to their current state of security deployment and how it aligns with NCR’s best practices may wish to avail themselves of the ATM Security Assessment. Further information on this alert please contact Owen Wild.

 

 

Recommendations for Retail, Restaurant, Cinema, Travel and Non-ATM Financial Solutions

 

Customers should:

  1. Test and deploy patches made available by vendors as soon as possible, including the patches made available by Microsoft on January 3, 2018 and SUSE once available specifically to address these vulnerabilities.
  2. Test and deploy BIOS Updates when they become available. Intel will be providing microcode updates to address, CVE-2017-5715.
    • The updated BIOS packages have been posted for the XR8 (7607) and XR7Plus (7703) hardware platforms.
      • Marketing Name NCR Product
      Class/Model      		 Motherboard
      Nickname      		 CPU Family
      XR7 Plus 7703 Richmond Skylake
      XR8 7607 Daytona Skylake
      XR6 7603 Monte Carlo Haswell
      SelfServ 75 7705-2xxx Monte Carlo Haswell
      SCER UK Post 2244 Monaco Haswell
      SCCO R6 7360 Monaco Haswell
      SCER UK Post 2244 Monaco Haswell
      TP120 2368 Monaco Haswell
      SCCO R6 7360 Monaco Haswell
      XR7 7702 Monaco Haswell
      SelfServ 90 7709 Monaco Haswell
      XK7 8820-2xxx Monaco Haswell
      XR5 7701 Dover Braswell
      P1235 7745 1235 (Braswell) Braswell
      P1532 7734 1532 (Braswell) Braswell
      P1535 7761 1535 (Braswell) Braswell
      P1535 7761 1535 (Braswell) Braswell
      XR3 7613 Dover Braswell
      XR4 7602 Dover Braswell
      82XRT 7606 Pocono Sandy Bridge
      KC4 (Standard) 1924 KC4 (Braswell) Braswell
      RealPOS 72XRT 7616 Bristol II Sandy Bridge
      SelfServ 4 2004 Riverside Sandy Bridge
      SelfServ 4 2004 Riverside Sandy Bridge
      RealPOS 60 Rel. 2.0 7601-3xxx/4xxx Riverside Sandy Bridge
      RealPOS 23 Rel 2.0 7649-4xxx Riverside Sandy Bridge
      SelfServ 75 7705-1xxx Riverside Sandy Bridge
      SelfServ 85 Rel. 2 8006-11xx Riverside Sandy Bridge
    • The updated BIOS should be deployed, once available, in addition to the Microsoft Security Updates.
  3. Follow IT security best-practices. Maintain good security hygiene and security controls.
  4. Review your current security systems and logs for any unexpected activity.
  5. Look for further communications from NCR as additional mitigation recommendations become available.
 
 
NCR’s engineering teams continue to work to determine any further impact on performance and/or functionality. Should changes potentially impact performance/functionality, a formal communication will be sent.

 

 

Update for Managed Services, Hosted Solutions/Cloud Customers

 

NCR teams continue to monitor our Threat Prevention, Detection and Response Center to detect and respond to suspicious activity in our internal and Software as-a Service (SaaS) systems.

 

The actions we are taking include:

 

  • Coordinating the patching of lab equipment with Software Services and Professional Services teams
 
  • Prioritizing vendor contact and patching of internal enterprise IT systems and NCR customer-facing SaaS infrastructure
 
  • Prioritizing external- and internal-facing systems and devices
 
  • Coordinating with hardware and software suppliers regarding patch availability
 
  • Deploying patches into test environments to determine performance impacts
 
  • Deploying patches into production environments after testing, using our standard change management processes