Meltdown and Spectre – Intel CPU Bug - FullHost ®

Meltdown and Spectre – Intel CPU Bug

Earlier this week, a number of very serious security vulnerabilities were disclosed (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754).

As we’ve been made aware of these security flaws that originally appeared to be affecting Intel processor chips, that could circumvent the contents of protected kernel memory areas, we’ve been actively working internally and with our vendors to and gathering as much information as possible to understand the full impact on our infrastructure. Much of the initial research and findings has been held under a strict embargo by Intel, which has hampered our ability to fully understand the full impact that this could have.

When more information becomes available and any actions that we may need to take, we will be sharing it here through updates to this blog article.

The security of both our servers, and thus that of our clients is our number one priority. As in past when any serious vulnerability is made public, a rapid response from us may be required to ensure the security of your information and data.

You can read Intel’s initial statement here as well as information on this bug here.

January 5, 2018 Update

As the full extent of the vulnerabilities Meltdown and Spectre comes to light, we have assembled an internal team that is working directing with our vendors. With the information that we have available to us at the moment, we are assessing the impact that these patches will have on our infrastructure. This will be affecting multiple components: the kernel, hypervisor, and firmware.

With past vulnerabilities, while the scope of if was severe there was a much greater understanding at the onset on the remediation to it. This particular vulnerability has many moving parts, which is delaying our ability to act upon what is still unknown. What is coming to light is that KVM virtualization may not be impacted (or as impacted) as other types of virtualization.

We’d like to have a better time-frame to provide to you for when we will be fully remedied and are hoping to have further information by January 9th when we will be providing a further update (unless there is a significant update through the weekend – which we will advise of accordingly).

January 9, 2018 Update

Since our last update, some patches have been made available towards mitigating Meltdown and Spectre, and after internal testing and a staged test on some of our live systems, those patches have been applied across our network.

Having said this, we are not at a fully remedied state and are anticipating and expecting that updates to these initial patches are likely to be coming at us for some time. The work so far has been a great start to getting us to that point, and like all other vendors we’ve been in touch with we are all working from a similar place to getting to a full resolution.

Fortunately, as we use a rebootless kernel patching, reboots of the servers are not going to be required in all cases. Where reboots will be necessary, every effort will be made to provide as much advanced notice as we can, but there are situations that we may need to act quickly and we appreciate your patience and understanding up front where advanced notice cannot be given.

For those of you wondering, what your role will be in fixing your server with us:

  • If you have purchased a Developer VPS or Dedicated Server, where you are managing the server yourself, please ensure that you install the latest available updates of your OS and reboot your server.
  • For all clients that is a “shared” hosting environment, (Shared Hosting, Enterprise Hosting, Reseller Hosting, Managed WordPress), Email Hosting, or any Managed Virtual or Dedicated Server, we will be handling all updates for you.

We don’t have all the answers but we are taking all appropriate action to ensure our servers, and infrastructure are secure. We are working tirelessly to get to a state that is fully mitigated, and as all these moving parts are coming together we will be there.

Posted in FullHost News, Infrastructure, Security and Vulnerabilities
One comment on “Meltdown and Spectre – Intel CPU Bug
  1. Very thorough explanations and updates. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *

*