Intel CPU bug Meltdown/Spectre [Closed]
Posted by Helpdesk Admin on 04 January 2018 08:30 AM

This week the industry has become aware of a number of vulnerabilities in modern CPUs manufactured by Intel, AMD and some other vendors. They could allow software running on these devices to access protected memory on servers, desktops etc., bypassing the built-in security mechanisms that operating systems have been relying on.

This is a complicated issue affecting just about every laptop, desktop and server running Windows, Linux or iOS, as well as many mobile devices. While it does not of itself directly allow a device to be compromised, it is rated as a very serious information disclosure issue, especially in multi-tenant environments, where it could potentially allow sensitive in-memory information such as passwords, user data etc. to be harvested.

  • CVE-2017-5753: bounds check bypass
  • CVE-2017-5715: branch target injection
  • CVE-2017-5754: rogue data cache load

Operating system and virtualization vendors are working on emergency patches/releases for these issues that will be made available in the coming days. These will be applied to all services/servers as and when they become available and are shown to be stable. Updating/patching/rebooting will usually take place between 10pm and 4am.

Legacy Linux shared hosting is implemented on Virtuozzo Containers for Linux so updates will be applied out of hours as and when new kernel images are made available by Virtuozzo. Websites may be affected for periods of time as individual servers are rebooted.

NG shared hosting is implemented on Cloud Linux. Kernel upgrades when available will be applied to individual nodes in rotation. In general this will not affect services except for a short time when load balancing nodes are restarted.

Legacy Windows shared hosting is implemented on Virtuozzo Containers for Windows and will be updated out of hours as and when new WSUS updates are made available by Virtuozzo.

Cloud VPS Linux/Windows will be updated out of hours as and when new kernel images or WSUS updates are made available by Virtuozzo. There will be several short outages of about 15 minutes when patches are applied and servers are rebooted (typically two server reboots are required for VPS node updates).

[Update 5/1/18]

Microsoft updates are available and have been applied to all Windows non-VPS servers.

[Update 6/1/18]

Cloud Linux have released patches for affected kernels and NG web hosting has been upgraded.

[Update 8/1/18]

Virtuozzo have released new kernel versions for Linux and these have been applied to all Cloud VPS Linux and Legacy shared hosting nodes.

[Update 9/1/18]

Virtuozzo have released Windows WSUS updates for some versions and these have been applied where relevant. Updates are still pending for some older Cloud VPS Windows servers and will be applied when available.

Note: Some patches are preliminary and designed to address the main known vulnerabilities; however, we expect edge cases to remain, and further patches may be released by vendors over the coming days/weeks to address these. We will apply updates/patches as and when they become available (where possible they will be applied between 10pm and 4am).

[Update 11/1/18]

All recommended vendor supplied patches have been applied.