Earlier this week, multiple vulnerabilities were released that affect nearly every modern server and desktop computer which are commonly known as Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715)
These vulnerabilities were not to be made public until Tuesday 9th January (First Microsoft Patch Tuesday of the year), however mitigation patches were committed to the Linux kernel which caused a lot of speculation from the community, causing vendors to move forward their information and Patch Releases this week
These vulnerabilities seek to break the isolation between user applications and the operating system, and also between different applications. This is able to happen due to the architectural design of modern CPU’s, which can allow locally running non-privileged malware to read data from the underlying operating system.
Most Vendors have already announced or released patches to mitigate the risks of these vulnerabilities. Based on the nature of these patches, it will be required to reboot affected servers.
We will be applying patches in the following order:
- Physical Hosts – Microcode/Firmware/BIOS - (Awaiting Vendor Release 24/01/2018)
- Physical Hosts – Anti-Virus (Completed)
- Physical Hosts – Operating System (Scheduled)
- Virtual Machines – Operating system (Scheduled)
- Customer Virtual Machines (VPS) - Anti-Virus
- Customer Virtual Machines (VPS) – Operating System
Outage notifications for items 1-4 will be posted to our service status page, please ensure that you have signed up if you wish to receive these notifications
For item 5, these will be applied automatically without requiring a reboot
For Item 6, a support ticket will be created for you to schedule a time for the patches to be applied to your VPS.
We are continuing to monitor the situation for further information from Vendors and will be updating our customers as more information becomes available. We can assure you that our customers security is our top priority and we are working to ensure the updates go smoothly with the least amount of disruption.
Further Information And Updates